Privacy Policy

Regulations on the Protection of Personal Data(Issued together with Decision No. 211/2023/QD-DXG/QT of the General Director of Dat Xanh Group Joint Stock Company)

Personal data protection policy for customers and partners

Preface

The Personal Data Protection Policy for Customers/Partners of Dat Xanh Group Joint Stock Company (hereinafter referred to as the “Policy”) aims to inform Customers and Partners about the personal data of Customers/Partners processed by Dat Xanh Group Joint Stock Company (“DXG”), the purpose of processing, the processing methods, the storage time, and the rights and obligations of Customers/Partners regarding their personal data in accordance with Vietnamese law on Personal Data Protection. This Policy also provides recommendations to help Customers/Partners improve their awareness of personal data protection.

This Policy is an integral part of the Contracts, General Terms and Conditions, and Terms of Use for DXG's products and services. This Policy applies to all activities related to the provision of products and services by DXG and applies to all platforms that interact with individual Customers/Partners in the digital environment.

DXG is responsible for notifying and obtaining the consent of Customers/Partners regarding this Policy before processing personal data in accordance with the law. By checking the box "I have read and accept" or "I agree to DXG's Policy and Terms of Use," or by signing a contract with DXG that refers to this Policy, or by signing and continuing to perform the contract or transaction already signed with DXG, or by continuing to register, log in, use DXG's website/wapsite/application, or use DXG's products and services without any complaints regarding this Policy, Customers/Partners confirm that they have carefully read, understood, and accepted the entire content of DXG's Personal Data Protection Policy issued at each given time.

Regulations on the Protection of Personal Data(Issued together with Decision No. 211/2023/QD-DXG/QT of the General Director of Dat Xanh Group Joint Stock Company)

Personal data protection policy for customers and partners

Preface

The Personal Data Protection Policy for Customers/Partners of Dat Xanh Group Joint Stock Company (hereinafter referred to as the “Policy”) aims to inform Customers and Partners about the personal data of Customers/Partners processed by Dat Xanh Group Joint Stock Company (“DXG”), the purpose of processing, the processing methods, the storage time, and the rights and obligations of Customers/Partners regarding their personal data in accordance with Vietnamese law on Personal Data Protection. This Policy also provides recommendations to help Customers/Partners improve their awareness of personal data protection.

This Policy is an integral part of the Contracts, General Terms and Conditions, and Terms of Use for DXG's products and services. This Policy applies to all activities related to the provision of products and services by DXG and applies to all platforms that interact with individual Customers/Partners in the digital environment.

DXG is responsible for notifying and obtaining the consent of Customers/Partners regarding this Policy before processing personal data in accordance with the law. By checking the box "I have read and accept" or "I agree to DXG's Policy and Terms of Use," or by signing a contract with DXG that refers to this Policy, or by signing and continuing to perform the contract or transaction already signed with DXG, or by continuing to register, log in, use DXG's website/wapsite/application, or use DXG's products and services without any complaints regarding this Policy, Customers/Partners confirm that they have carefully read, understood, and accepted the entire content of DXG's Personal Data Protection Policy issued at each given time.

Regulations on the Protection of Personal Data(Issued together with Decision No. 211/2023/QD-DXG/QT of the General Director of Dat Xanh Group Joint Stock Company)

Personal data protection policy for customers and partners

Preface

The Personal Data Protection Policy for Customers/Partners of Dat Xanh Group Joint Stock Company (hereinafter referred to as the “Policy”) aims to inform Customers and Partners about the personal data of Customers/Partners processed by Dat Xanh Group Joint Stock Company (“DXG”), the purpose of processing, the processing methods, the storage time, and the rights and obligations of Customers/Partners regarding their personal data in accordance with Vietnamese law on Personal Data Protection. This Policy also provides recommendations to help Customers/Partners improve their awareness of personal data protection.

This Policy is an integral part of the Contracts, General Terms and Conditions, and Terms of Use for DXG's products and services. This Policy applies to all activities related to the provision of products and services by DXG and applies to all platforms that interact with individual Customers/Partners in the digital environment.

DXG is responsible for notifying and obtaining the consent of Customers/Partners regarding this Policy before processing personal data in accordance with the law. By checking the box "I have read and accept" or "I agree to DXG's Policy and Terms of Use," or by signing a contract with DXG that refers to this Policy, or by signing and continuing to perform the contract or transaction already signed with DXG, or by continuing to register, log in, use DXG's website/wapsite/application, or use DXG's products and services without any complaints regarding this Policy, Customers/Partners confirm that they have carefully read, understood, and accepted the entire content of DXG's Personal Data Protection Policy issued at each given time.

Regulations on the Protection of Personal Data(Issued together with Decision No. 211/2023/QD-DXG/QT of the General Director of Dat Xanh Group Joint Stock Company)

Personal data protection policy for customers and partners

Preface

The Personal Data Protection Policy for Customers/Partners of Dat Xanh Group Joint Stock Company (hereinafter referred to as the “Policy”) aims to inform Customers and Partners about the personal data of Customers/Partners processed by Dat Xanh Group Joint Stock Company (“DXG”), the purpose of processing, the processing methods, the storage time, and the rights and obligations of Customers/Partners regarding their personal data in accordance with Vietnamese law on Personal Data Protection. This Policy also provides recommendations to help Customers/Partners improve their awareness of personal data protection.

This Policy is an integral part of the Contracts, General Terms and Conditions, and Terms of Use for DXG's products and services. This Policy applies to all activities related to the provision of products and services by DXG and applies to all platforms that interact with individual Customers/Partners in the digital environment.

DXG is responsible for notifying and obtaining the consent of Customers/Partners regarding this Policy before processing personal data in accordance with the law. By checking the box "I have read and accept" or "I agree to DXG's Policy and Terms of Use," or by signing a contract with DXG that refers to this Policy, or by signing and continuing to perform the contract or transaction already signed with DXG, or by continuing to register, log in, use DXG's website/wapsite/application, or use DXG's products and services without any complaints regarding this Policy, Customers/Partners confirm that they have carefully read, understood, and accepted the entire content of DXG's Personal Data Protection Policy issued at each given time.

Regulations on the Protection of Personal Data(Issued together with Decision No. 211/2023/QD-DXG/QT of the General Director of Dat Xanh Group Joint Stock Company)

Personal data protection policy for customers and partners

Preface

The Personal Data Protection Policy for Customers/Partners of Dat Xanh Group Joint Stock Company (hereinafter referred to as the “Policy”) aims to inform Customers and Partners about the personal data of Customers/Partners processed by Dat Xanh Group Joint Stock Company (“DXG”), the purpose of processing, the processing methods, the storage time, and the rights and obligations of Customers/Partners regarding their personal data in accordance with Vietnamese law on Personal Data Protection. This Policy also provides recommendations to help Customers/Partners improve their awareness of personal data protection.

This Policy is an integral part of the Contracts, General Terms and Conditions, and Terms of Use for DXG's products and services. This Policy applies to all activities related to the provision of products and services by DXG and applies to all platforms that interact with individual Customers/Partners in the digital environment.

DXG is responsible for notifying and obtaining the consent of Customers/Partners regarding this Policy before processing personal data in accordance with the law. By checking the box "I have read and accept" or "I agree to DXG's Policy and Terms of Use," or by signing a contract with DXG that refers to this Policy, or by signing and continuing to perform the contract or transaction already signed with DXG, or by continuing to register, log in, use DXG's website/wapsite/application, or use DXG's products and services without any complaints regarding this Policy, Customers/Partners confirm that they have carefully read, understood, and accepted the entire content of DXG's Personal Data Protection Policy issued at each given time.

Within the scope of this Policy, the terms below shall be understood and interpreted as follows:
1. DXG/Company/Group: Dat Xanh Group Joint Stock Company.
2. Customer/Partner: (i) An individual or the lawful representative of an individual who uses and/or shows interest in DXG’s products and/or services;
(ii) An individual or the lawful representative of an individual who has accessed and/or registered an account on websites/wapsites/applications owned by DXG;
(iii) An individual or the lawful representative of an individual who enters into and performs contracts or transactions with DXG, including but not limited to matters relating to investment, capital contribution, construction, business, commerce, advertising, or other activities in compliance with applicable laws, but excluding individuals who are candidates or employees of DXG under the Personal Data Protection Policy applicable to employees, candidates, and related persons issued by DXG from time to time.
3. DXG’s Products and Services: (i) Products and services directly developed, operated, and provided by DXG to Customers and Partners.
(ii) Products and services provided by DXG in cooperation with partners to Customers/Partners.

  1. DXG processes Personal Data in the following cases:
    1. When the Customer/Partner or their legal representative contacts DXG to request advice on DXG's products and services or to express interest in DXG's products and services;
    2. When the Customer/Partner tries, signs a contract, registers, or uses DXG's products and services;
    3. When the Customer/Partner accesses and/or registers an account on DXG's product/service websites/wapsites/applications;
    4. When the Customer/Partner consents to provide Personal Data to DXG through publicly available sources such as: DXG's product/service websites/wapsites/applications; meetings, events, seminars, conferences, social networks, or dialogue and discussion programs organized, sponsored, or attended by DXG, and/or from stored files (cookies) recorded on DXG's website;
    5. When a customer or partner of an organization or business allows that organization or business to share the customer's personal data with DXG;
    6. When a customer of an organization or business in which DXG has invested capital or purchased shares; or when a customer of an organization or business that cooperates with DXG in providing products or services.
    7. When requested by competent state agencies.
    8. When DXG carries out work for the purpose of processing personal data as stipulated in Article 3 of this Policy.
    9. Other cases as prescribed by law.
  2. The personal data of Customers/Partners processed by DXG (hereinafter referred to as "Personal Data") includes the following information and may change depending on the type of product or service, and the way the Customer/Partner interacts with DXG:
    1. Basic personal data:
      • Surname, middle name and given name, other names (if any);
      • Date of birth; Date of death or disappearance (day, month, year);
      • Gender;
      • Place of birth, place of birth registration, permanent residence, temporary residence, current residence, hometown, contact address;
      • Nationality;
      • Personal image;
      • Phone number, national identity card number, personal identification number, passport number, driver's license number, vehicle license plate number, personal tax code number, social insurance number, health insurance card number;
      • Marital status;
      • Information about family relationships (parents, children);
      • Information about the individual's digital account; personal data reflecting activity and activity history on the internet;
      • Other information associated with or helping to identify a specific person not covered by point b, clause 2 of this Article;
    2. Sensitive personal data:
      • Data on crimes and criminal acts collected and stored by law enforcement agencies;
      • Information of customers/partners of credit institutions, branches of foreign banks, payment intermediary service providers, and other authorized organizations, including: customer/partner identification information as prescribed by law, account information, deposit information, information on deposited assets, transaction information, information on organizations and individuals acting as guarantors at credit institutions, bank branches, and payment intermediary service providers;
      • Location data of individuals determined through location services.
      • Other personal data that is legally defined as specific and requires necessary security measures.
    3. DXG will notify customers/partners of the personal data that is mandatory and/or optional to provide at the time the customer/partner contacts, communicates with, registers for, or signs a contract with DXG. Mandatory Personal Data refers to Personal Data that DXG is required to collect from Customers/Partners in accordance with the law, or essential Personal Data necessary to provide some or all of DXG's products and services to Customers/Partners.
    4. If the mandatory Personal Data is not provided as requested by DXG, Customers/Partners will be unable to use certain DXG products and services. In this case, DXG may refuse to provide the products and services to Customers/Partners without incurring any compensation and/or penalties (except in cases of DXG's fault).
    5. Customers/Partners may, from time to time, voluntarily provide DXG with Personal Data that is not required by DXG. When Customers/Partners provide Personal Data outside of DXG's request, it means that Customers/Partners authorize DXG to process their Personal Data for the purposes stated in this Policy or for the purposes stated at the time the Customer/Partner provides such Personal Data. Furthermore, when Customers/Partners proactively provide information outside of DXG's request, Customers/Partners are kindly requested not to provide sensitive Personal Data as defined by law at any given time. DXG will not process and will not be held legally responsible for any sensitive Personal Data voluntarily provided by Customers/Partners outside of DXG's request.

  1. Scope of Processing: Depending on the case, DXG will process all or part of the basic and sensitive personal data of the data subject, including:
    1. Basic Personal Data
      • Surname, middle name, and given name, other names (if any);
      • Date of birth; date of death or disappearance;
      • Gender;
      • Nationality;
      • Place of birth, permanent residence, temporary residence, hometown, contact address;
      • Phone number, email, ID card number, citizen identification number, passport number, driver's license number, vehicle license plate number, personal tax code, social insurance number, health insurance card number, work permit number and information on work permits, visas;
      • Marital status, information about family relationships (parents, spouse, children, etc.);
      • Information about related persons;
      • Resume or CV, cover letter, relevant or previous work experience; Educational qualifications, transcripts, or other information provided by the Data Subject to DXG for registration, application, or recruitment process;
      • Reference information and information obtained from background checks (if any), including information provided by third parties;
      • Personal data reflecting work experience, education & training, awards & disciplinary actions;
      • Images, videos, and audio recordings of the individual (including but not limited to images on application profiles or images and voices of the Data
      • Subject recorded by online conferencing platforms, or images collected through security surveillance equipment in the office/building);
      • Information on work locations and travel history;
      • Information on the Data Subject's personal skills, other talents, and interests (if any);
      • Results from any aptitude or personality tests completed and provided by the Data Subject to DXG;
      • Information regarding the Data Subject's employment, rank, and position;
      • Any other information required by law or voluntarily provided by the Data Subject to DXG during the recruitment and/or employment at DXG that is not classified as Sensitive Personal Data;
      • Other information associated with or helping to identify a specific individual that is not classified as Sensitive Personal Data;
    2. Sensitive Personal Data:
      • Bank account number;
      • Political and religious views;
      • Information on criminal offenses and criminal conduct in criminal records;
      • Financial information such as salary, allowances, bonuses, and other benefits (as subject to change or adjustment from time to time);
      • Health and personal status recorded in medical records;
      • Racial and ethnic origin;
      • Images, fingerprints;
      • Location data of an individual identified through location services;
      • Other personal data is considered specific by law and requires necessary security measures.

DXG applies one or more activities affecting Personal Data such as: collecting, recording, analyzing, verifying, storing, modifying, publishing, combining, accessing, retrieving, retrieving, encrypting, decrypting, copying, sharing, transmitting, providing, transferring, deleting, destroying Personal Data or other related actions.

  1. Data processing commencement time: From the time the Purposes specified in Article 3 of this Policy arise.
  2. Data processing completion time: DXG will cease processing Personal Data upon completion of the Purposes specified in Article 3 of this Policy, unless otherwise stipulated by law, or the Customer/Partner withdraws their consent to the processing of Personal Data, or when a competent state authority requests it in writing.

Except as provided in Article 13 of this Policy, DXG must obtain the consent of the Customer/Partner when sharing the Customer/Partner's Personal Data with the following organizations and individuals to fulfill the Purposes specified in Article 3 of this Policy, specifically:
  • DXG.
  • Third-party service providers or partners in business cooperation contracts (with or without profit sharing): DXG uses and/or collaborates with other companies and individuals to perform certain tasks and programs such as advertising and promotional programs for Customers/Partners, market research, product analysis and development, strategic consulting, and providing billing services. Third-party service providers and/or partners have the right to access, collect, use, and process the Personal Data of Customers/Partners within the scope permitted by DXG to perform their functions and must comply with the law on the protection of Personal Data as Data Processors;
  • Business Restructuring: In the course of business development, DXG may sell or acquire businesses or restructure businesses in accordance with the law and business production needs. In such transactions, Personal Data will be transferred and the transferee must still comply with the provisions of this Policy;
  • DXG is permitted to disclose Personal Data as required by law and by competent statemanagement agencies;
  • DXG is permitted to disclose Personal Data to other telecommunications businesses to serve the purpose of calculating tariffs, invoicing, and preventing evasion of contractual obligations by Customers/Partners.

  1. Right to Know and Right to Consent: By this Policy, DXG informs Customers/Partners about the processing of Personal Data before processing it. Customers/Partners also have the right to agree or disagree with the terms and conditions of this Policy in the manner instructed by DXG through channels and means such as SMS messages, phone calls, checkmarks on the website/wapsite/application, or contacting DXG's customer service hotline. DXG will only process Personal Data after obtaining the Customer/Partner's consent.
  2. Right to Access and Request Personal Data: Customers/Partners have the right to access DXG's applications/websites/wapsites and/or contact DXG directly to view and extract Personal Data that they have provided to DXG for the purposes specified in Article 3 of this Policy. If the Customer/Partner is unable to access, extract, or experiences difficulties accessing or extracting Personal Data, the Customer/Partner may contact DXG for assistance.
  3. Right to edit: The Customer/Partner has the right to edit their Personal Data, provided that such editing does not violate any laws. If the Customer/Partner is unable to edit or experiences difficulties editing their Personal Data, the Customer/Partner may contact DXG for assistance.
  4. Right to object, restrict, or withdraw consent to data processing:
    1. The Customer/Partner has the right to object to, request restrictions on the processing of their Personal Data, or withdraw their consent to the processing of their Personal Data. However, objecting to, restricting, or withdrawing consent to the processing of Customer/Partner's Personal Data may result in DXG being unable to provide Products or Services to the Customer/Partner. This means DXG may unilaterally terminate the contract without compensation to the Customer/Partner due to changes in the terms of the contract (except in cases caused by DXG's fault). Therefore, DXG recommends that Customers/Partners carefully consider before objecting to, restricting, or withdrawing consent to the processing of their Personal Data.
    2. If the Customer/Partner wishes to restrict receiving marketing and promotional content from DXG and wishes to withdraw their prior consent (if any) and/or object to the continued use of their personal information for the purposes specified in Article 3 of this Policy, the Customer/Partner should follow DXG's instructions at the time DXG collects Personal Data or contact DXG using the information provided in this Policy. If the Customer/Partner does not wish to receive notifications from the DXG application, please adjust the notification settings in the application or on your device.
  5. Right to delete Personal Data: The Customer/Partner has the right to request DXG to delete their Personal Data, provided that the request complies with the law. However, requesting the deletion of Customer/Partner's Personal Data may result in DXG being unable to provide Products or Services to the Customer/Partner. This means DXG may unilaterally terminate the contract without compensation to the Customer/Partner due to changes in the contract terms (except in cases of DXG's fault). Therefore, DXG recommends that Customers/Partners carefully consider before requesting DXG to delete their Personal Data.
  6. Right to complain, denounce, or sue: Customers/Partners have the right to complain, denounce, or sue in accordance with the law.
  7. Right to claim compensation for damages: Customers/Partners have the right to claim compensation from DXG in accordance with the law when a violation of regulations on the protection of Personal Data occurs, provided that the following conditions are met simultaneously:
    • There is an act of violating DXG's legal regulations on the protection of Personal Data;
    • The aforementioned violations resulted in actual damages incurred by the Customer/Partner;
    • The Customer has fully fulfilled its obligations regarding the protection of its personal data as stipulated by law, this Policy, and other agreements between DXG and the Customer/Partner.
  8. Right to self-protection: The Customer/Partner has the right to self-protection in accordance with the Civil Code, other relevant laws, and Decree 13/2023/ND-CP on the protection of personal data (and its accompanying amendments), or to request competent authorities or organizations to implement methods of protecting civil rights as stipulated in Article 11 of the Civil Code.

DXG processes the Data Subject's Personal Data from the moment it receives the Data Subject's consent to the processing of that Personal Data. The Data Subject's Personal Data will be processed for the period necessary to achieve the Processing Purposes and/or to fulfill the obligations that DXG has notified to the Data Subject and/or to fulfill the agreements and/or contracts that DXG has entered into with the Data Subject, unless a longer retention period for the Personal Data is required or permitted by relevant legal regulations (e.g., for inspection, tax, labor, and auditing purposes). Some types of Personal Data may be retained for longer periods than others.

  1. Collection of Personal Data: DXG and/or the Personal Data Processing Party(ies) may collect the Personal Data of Data Subjects from various legitimate sources, including but not limited to:
    1. Directly provided to DXG by the Candidate during the interview process;
    2. Directly provided to DXG by the Employee when entering into a contract with DXG and during employment at DXG;
    3. From exchanges, communications, and interactions with the Data Subject;
    4. From audio and video recording devices connected to security systems located at business units/branches/transaction offices and at DXG;
    5. Provided by the Data Subject to third parties (organizations or individuals outside DXG and the Personal Data Processing Party but authorized to process Personal Data) and consenting to that third party providing the data to DXG. For the purposes of this regulation, third parties may include, but are not limited to, providers of services related to communications, recruitment, market research, marketing, fraud prevention, data collection, and/or other third parties involved in DXG's operations;
    6. From DXG's Personal Data Processing Parties (including business partners), Affiliated Banks, publicly available data sources or data sources of competent state authorities, and other sources;
    7. From any other sources and/or third parties not mentioned above that process personal data in accordance with Vietnamese law and have obtained the data subject's consent to provide it to other parties, including DXG.
    2. DXG will use all methods permitted by Vietnamese law to collect Personal Data from the sources mentioned above, including, but not limited to, landline telephone systems, telephone switchboards, mobile phones, email, laptops, CCTV cameras, and other electronic transaction systems.
  2. Processing of Personal Data Obtained from Recording Activities in Public Places:
    1. DXG may collect and process image data of individuals and information obtained from security systems (e.g., audio and video recordings from areas equipped with CCTV surveillance cameras, including but not limited to branches, business units, and headquarters, including transaction counters, corridors, entrances, and parking lots) for the purpose of protecting national security, public order and safety, and the legitimate rights and interests of organizations and individuals as prescribed by law, without requiring the consent of the Data Subject.
    2. At DXG, the security and CCTV systems operate 24/7 to ensure the safety and order of Data Subjects, prevent crime, protect facilities, and prevent fires. DXG commits to processing only the Personal Data of Data Subjects in accordance with the contents of this Policy and the provisions of the law.
  3. Processing of Children's Personal Data
    1. DXG processes children's personal data in accordance with the principle of protecting the rights and best interests of children. Before processing children's personal data, DXG will take appropriate measures to verify the child's age.
    2. DXG may receive personal data of children who are employees' children, relatives, dependents, etc., and process this personal data for the purposes specified in Article 4 of this Policy. DXG only processes children's personal data on the basis of an agreement with the employee for the purposes of processing. Employees are responsible for ensuring that children have been fully informed of the relevant Processing Purposes and have obtained the consent of the child in the case of children aged 7 years and older, and the consent of their parents or guardians as prescribed, except as stipulated in Article 17 of Decree 13/2023/ND-CP dated April 17, 2023, before providing such information to DXG.
  4. Transfer of Personal Data Abroad
    1. DXG may transfer or grant access to the Personal Data of Data Subjects to partners and service providers abroad for processing in accordance with the Processing Purposes agreed upon by the Data Subject. In some other cases, DXG's partners and service providers based in Vietnam may use equipment and data processing systems located outside the territory of Vietnam to process Personal Data on behalf of DXG. These cases are all considered as transferring the Data Subject's Personal Data abroad.
    2. It should be noted that some countries may have lower or higher levels or practices regarding the protection of Personal Data than Vietnam. In all cases involving the transfer of Personal Data abroad, DXG will endeavor to implement appropriate measures to ensure the protection of the Data Subject's Personal Data, including signing data security agreements and commitments, selecting appropriate Data Processing Partners with clearly defined tasks, and only working with partners who have appropriate safeguards in place.

  1. The personal data of Customers/Partners is committed to being kept confidential in accordance with the law and DXG's Personal Data Protection Policy.
  2. DXG strives to ensure that the personal data of Customers/Partners is protected from violations of regulations on personal data protection and to prevent loss, destruction, or damage due to incidents, using technical measures. DXG maintains its commitment to personal data security by applying physical, electronic, and managerial measures to protect personal data, including:
    1. The servers of DXG's official website and information systems containing DXG's personal data are protected by security measures and technologies such as firewalls, encryption, and anti-intrusion measures; implementing human control measures, building inspection, evaluation, and review processes to prevent violations of regulations on personal data protection.
    2. DXG will take all appropriate measures to ensure that the Personal Data of Customers/Partners is processed in accordance with the stated Purpose. DXG will always comply with all legal requirements regarding the storage of Personal Data.
  3. Fulfilling requests from Customers/Partners regarding their Personal Data provided that such requests comply with legal regulations.
  4. Other obligations as required by law and this Policy.

  1. DXG employs various information security measures and technologies to protect the personal data of its Customers/Partners from unauthorized use or sharing. DXG is committed to maximizing the security of its Customers/Partners' personal data. Some potential unintended consequences and damages include:
  2. Hardware or software failures during the processing of personal data causing unintended damage (errors, malfunctions, loss) to Customers/Partners' personal data;
  3. Security vulnerabilities beyond DXG's control, such as hacker attacks leading to the leakage of Customers/Partners' personal data;
  4. Customers/Partners themselves leaking their personal data due to: carelessness or fraud; accessing websites/downloading applications containing malware; or voluntarily sharing information with others.
  5. DXG advises Customers/Partners to strictly adhere to their responsibilities for protecting personal data as stipulated in Article 8 of this Policy and in accordance with the law.
  6. In the event of hardware or software failures during the processing of personal data as stipulated in Point a, Clause 1 of this Article, DXG is responsible for directly compensating Customers/Partners for damages as stipulated in the Contract, General Terms and Conditions, and the law. In the event that the data storage server is attacked by hackers resulting in the loss of Customers/Partners' personal data, or if Customers/Partners themselves inadvertently leak personal data as stipulated in Points b and c, Clause 1 of this Article, DXG is responsible for notifying the competent authorities for timely investigation and handling, and for informing Customers/Partners of the incident.

DXG's websites/wapsites/applications may include third-party advertisements and links to other websites/wapsites/applications. Third-party advertising partners may collect information about Customers/Partners when Customers/Partners interact with their content, advertisements, or services. Any access to and use of third-party links or websites is not governed by this Policy, but rather by the privacy policies of those third parties. DXG is not responsible for the information policies of third parties.

DXG may process Personal Data without the data subject's consent in the following cases:
  • In emergency situations, immediate processing of relevant Personal Data is necessary to protect the life and health of the data subject or others;
  • The public disclosure of Personal Data as prescribed by law;
  • The processing of data by competent state agencies in cases of national defense, national security, social order and safety emergencies, major disasters, dangerous epidemics; when there is a threat to national security and defense but not yet to the extent of declaring a state of emergency; riot prevention, terrorism prevention, crime prevention and law enforcement as prescribed by law;
  • To fulfill contractual obligations of the data subject with relevant agencies, organizations, and individuals as prescribed by law;
  • To serve the activities of state agencies as prescribed by specialized laws.

In case Customers/Partners have any questions about this Policy or wish to exercise their rights regarding Personal Data, please contact DXG using the methods and information below:
  • Contact the call center using the information on DXG's official websites/wapsites/applications at any given time.
  • Send a letter to the following address: Dat Xanh Group Joint Stock Company – 2W, Ung Van Khiem Street, Ward 25, Binh Thanh District, Ho Chi Minh City.
  • Contact directly at DXG's transaction points nationwide.
  • Other contact methods such as Livechat, contact via DXG's official fanpage, and customer service email are provided to Customers/Partners at all times.

Personal Data Protection Policy for Employees, Candidates, and Related Parties

Preface

DXG Group Joint Stock Company (hereinafter referred to as “DXG” or “we”) is committed to respecting and striving to ensure the confidentiality and rights of Data Subjects regarding the Personal Data of Employees, Candidates, and Related Parties. In processing the Personal Data of Data Subjects, we will implement and comply with the contents of the Personal Data Processing Policy for Employees, Candidates, and Related Parties (hereinafter referred to as the “Policy”).

This Policy applies to us as the Data Controller and Processor, and accordingly, DXG will determine the purpose, means, and direct processing of personal data. This Policy is publicly available on DXG’s official website.

DXG reserves the right to amend or supplement this Policy at any time. DXG will publicly publish the revised and amended Policy on DXG's official website. DXG encourages Data Subjects to regularly review the Policy to stay up-to-date on how we protect their Personal Data.

Within the scope of this Policy, the terms below shall be understood and interpreted as follows:
1. DXG/Company/Group: Dat Xanh Group Joint Stock Company.
2. Personal Data Processor: An organization that processes personal data on behalf of DXG pursuant to a contract or agreement with DXG.
3. Data Subject: An individual to whom the Personal Data relates and shall refer to Employees and/or Candidates and/or Related Persons.
4. Personal Data: Information in the form of symbols, letters, numbers, images, sounds, or similar forms in an electronic environment that is associated with a specific individual or helps identify a specific individual. Personal Data includes Basic Personal Data and Sensitive Personal Data.
5. Processing of Personal Data: One or more activities affecting Personal Data such as collection, recording, analysis, confirmation, storage, modification, disclosure, access, retrieval, recall, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, destruction of Personal Data, or other related actions.
6. Employee: Any individual having a labor or employment relationship with DXG under a probation contract, labor contract, vocational training contract, internship agreement, or other agreements in accordance with applicable laws.
7. Candidate: An individual who has submitted an application to become an employee, intern, or apply for other positions at DXG.
8. Related Person: Individuals related to the Data Subject, including but not limited to dependents, spouse, children, biological parents, adoptive parents, friends, referees, emergency contacts, and/or other individuals having any other relationship with the Data Subject.
9. Consent: A letter sent from the Data Subject to DXG, or forms/contracts executed between DXG and the Data Subject, or other legally compliant methods expressing agreement to the Processing of Personal Data. In cases where the Data Subject is a Candidate applying online, Consent shall be expressed by ticking the statement “I have read, understood and agree to DXG’s Personal Data Processing Policy” or similar declarations displayed on DXG’s documents or platforms corresponding to the purposes of personal data processing at DXG.

  1. This policy will specify the following:
    1. The scope and purpose of processing the Data Subject's personal data;
    2. The parties involved in the processing of personal data;
    3. The rights and obligations related to the Data Subject's personal data;
    4. The start and end times of processing personal data;
    5. The method of processing personal data;
    6. Possible unintended consequences and damages; and
    7. Other matters related to the processing of personal data.
  2. By submitting an application to DXG and/or by allowing DXG to use their personal data and/or that of related parties, the Data Subject accepts all terms and conditions detailed in this Policy (hereinafter referred to as “Terms and Conditions for Processing Personal Data”).
  3. By providing the Personal Data of the Data Subject to DXG, the Data Subject warrants and guarantees to DXG that the Data Subject has been fully informed of this Policy and that the Data Subject has obtained the consent and lawful authorization of the Data Subject for the Processing of Personal Data in accordance with the Terms and Conditions for Processing Personal Data in this Policy.
  4. The Terms and Conditions for Processing Personal Data in this Policy are an integral part of the agreements, contracts, terms and conditions governing the relationship between the Data Subject and DXG. In the event of any discrepancies and/or conflicts between the Terms and Conditions for Processing Personal Data and the terms and conditions for the same purposes set forth in agreements and/or contracts between the Data Subject and DXG (if any) concluded prior to, on the same date as, or after the date of this Policy, the Terms and Conditions for Processing Personal Data shall prevail and shall implicitly supersede those terms and conditions of such agreements and/or contracts.

  1. Scope of Processing: Depending on the case, DXG will process all or part of the basic and sensitive personal data of the data subject, including:
    1. Basic Personal Data
      • Surname, middle name, and given name, other names (if any);
      • Date of birth; date of death or disappearance;
      • Gender;
      • Nationality;
      • Place of birth, permanent residence, temporary residence, hometown, contact address;
      • Phone number, email, ID card number, citizen identification number, passport number, driver's license number, vehicle license plate number, personal tax code, social insurance number, health insurance card number, work permit number and information on work permits, visas;
      • Marital status, information about family relationships (parents, spouse, children, etc.);
      • Information about related persons;
      • Resume or CV, cover letter, relevant or previous work experience; Educational qualifications, transcripts, or other information provided by the Data Subject to DXG for registration, application, or recruitment process;
      • Reference information and information obtained from background checks (if any), including information provided by third parties;
        Personal data reflecting work experience, education & training, awards & disciplinary actions;
      • Images, videos, and audio recordings of the individual (including but not limited to images on application profiles or images and voices of the Data
      • Subject recorded by online conferencing platforms, or images collected through security surveillance equipment in the office/building);
      • Information on work locations and travel history;
      • Information on the Data Subject's personal skills, other talents, and interests (if any);
      • Results from any aptitude or personality tests completed and provided by the
      • Data Subject to DXG;
      • Information regarding the Data Subject's employment, rank, and position;
      • Any other information required by law or voluntarily provided by the Data Subject to DXG during the recruitment and/or employment at DXG that is not classified as Sensitive Personal Data;
      • Other information associated with or helping to identify a specific individual that is not classified as Sensitive Personal Data;
    2. Sensitive Personal Data:
      • Bank account number;
      • Political and religious views;
      • Information on criminal offenses and criminal conduct in criminal records;
      • Financial information such as salary, allowances, bonuses, and other benefits (as subject to change or adjustment from time to time);
      • Health and personal status recorded in medical records;
      • Racial and ethnic origin;
      • Images, fingerprints;
      • Location data of an individual identified through location services;
      • Other personal data is considered specific by law and requires necessary security measures.

DXG processes the Data Subject's Personal Data for the following purposes (hereinafter referred to as "Processing Purposes"):
  • Verifying the Data Subject's identity and the accuracy of the information provided, checking references, and conducting background checks (if necessary).
  • Evaluating and assessing the eligibility and suitability of the Candidate for the job being applied for or similar future employment opportunities, or identifying potential conflicts of interest.
  • Preparing for the signing of probationary contracts, employment contracts, vocational training contracts, internship agreements, and other agreements as required by law; signing and fulfilling obligations under such contracts and agreements.
  • Performing procedures related to the recruitment of the Data Subject, including cases of unsatisfactory or satisfactory evaluations; and proposing job offers.
  • Fulfilling obligations regarding taxes, social insurance, labor, trade unions, and organizing health check-ups for employees as required by law; providing information and personal data of DXG employees upon request from competent state agencies, including but not limited to labor, insurance, statistics, trade unions, the State Bank, and tax authorities.
  • Paying salaries, bonuses, and implementing policies, regulations, and welfare policies for employees according to DXG's internal regulations, labor agreements, and other internal rules, including managing insurance and other benefits for employees and their dependents.
  • Conducting courses and training to enhance soft skills or other skills and awareness necessary for recruitment processes, talent planning, training to meet job requirements, or for the implementation of probationary contracts and employment contracts with DXG.
  • Arranging business trips, events and activities, training programs, vocational training, or internal employee rotation.
  • Evaluating the competence and suitability of employees for new job positions (applicable in cases of promotion).
  • Managing internal human resources, maintaining databases to serve DXG's needs; compiling and updating employee information. Communicating internally about disciplinary actions to build an effective and disciplined work culture;
  • Implementing risk control and management, conducting internal investigations and disciplinary actions if violations occur, and resolving labor disputes.
  • Auditing, settling accounts, reporting, statistics, surveys, and analyzing personnel, labor, salary, tax, social insurance, and health insurance data.
  • In order to conclude, implement, and comply with agreements and contracts between DXG and other parties.
  • Exchange contact information of employees with customers and/or suppliers/partners related to the employee's job position.
  • Seek any professional advice (including but not limited to legal advice) related to any issues of DXG and/or the Data Subject.
  • Compile and classify officers and employees eligible for preferential loans from DXG during the year.
  • Provide Data Subjects with information about DXG, its services and products;
  • Provide units and branches (if any), service providers, or other relevant third parties to conduct activities processing Personal Data on behalf of or authorized by DXG and for processing purposes.
  • Assist employees in obtaining immigration visas or work permits when necessary; establish contact in case of emergency.
  • Manage and ensure security and safety at the workplace.
  • To perform other activities related to labor relations or for any other purpose required or permitted by any law, regulation, or guideline of competent State authorities.
  • For any other purpose permitted by Vietnamese law.
The above purposes may continue to apply, even if the Data Subject withdraws their application at DXG (for Data Subjects who are Applicants), terminates or changes their labor relationship with DXG (for Data Subjects who are Employees), for a reasonable period thereafter (including during the period allowing DXG to exercise its rights under any contract with the Employee or as required by law).
If DXG processes the Data Subject's Personal Data for purposes other than those described herein, DXG will notify the Data Subject how we process this Personal Data and obtain additional consent before processing the Data Subject's Personal Data for those purposes in accordance with applicable laws and regulations.

  1. In full compliance with Vietnamese law, DXG may share part or all of the Data Subject's Personal Data with the following parties:
    1. Business units, branches/transaction offices, subsidiaries, affiliated companies (if any);
    2. Organizations and individuals acting as Data Processing Parties, including, but not limited to:
      • Providers of goods and services, including but not limited to courier services, human resource services, work permit and visa services;
      • Recruitment partners, candidate search and job placement partners;
      • Training and coaching partners;
      • Healthcare and medical examination partners, hospitals;
      • Tourism and transportation service partners;
      • Cloud storage and information technology service providers;
      • Analytical and strategic service providers; Professional consulting firms (including, but not limited to, lawyers, legal advisors, financial advisors, accountants, auditors, and/or other professional consulting firms);
      • Notary offices, bailiffs;
      • Insurance companies or insurance brokers;
    3. Any third party to which the Data Subject allows DXG to share Personal Data, including, but not limited to, the Data Subject's related parties;
    4. Any competent state agency and/or units affiliated with such state agencies in accordance with Vietnamese law;
    5. Business Transfer: DXG has the right to share the Personal Data of Employees with other parties in connection with any merger, acquisition, consolidation, cooperation, restructuring, financing, or any other business transaction;
    6. Other third parties that DXG deems necessary for processing purposes or as required by law.
  2. On the other hand, DXG will treat the Data Subject's Personal Data as private and confidential, and, in addition to the parties mentioned above, DXG will not disclose Personal Data to any other party except:
    1. with the consent of the Data Subject;
    2. when DXG is required or permitted to disclose in accordance with the law;
    3. when DXG is required or permitted by a decision of a competent State authority;
    4. when DXG transfers rights and obligations under the agreement(s) between the Data Subject and DXG; and/or
    5. when DXG is compelled to fulfill its obligations to any competent State authority.

  1. Data subjects have the following rights regarding their Personal Data, unless otherwise provided by law:
    1. Right to know: Data subjects have the right to know about the processing of their Personal Data.
    2. Right to consent: Data subjects may consent or not consent to the processing of their Personal Data, except where the law permits the processing of Personal Data without the Data Subject's consent.
    3. Right to access: Data subjects have the right to access, view, edit, or request the editing of their Personal Data.
    4. Right to withdraw consent: Data subjects have the right to withdraw their consent.
    5. Right to delete data: Data subjects have the right to delete or request the deletion of their Personal Data.
    6. Right to restrict data processing: Data subjects have the right to request restrictions on the processing of their Personal Data.
    7. Right to provide data: Data subjects have the right to request the provision of their Personal Data to themselves.
    8. Right to object to data processing: Data subjects have the right to object to the processing of their personal data aimed at preventing or limiting the disclosure of personal data or its use for advertising or marketing purposes.
    9. Right to complain, denounce, and sue: Data subjects have the right to complain, denounce, and sue in accordance with the law.
    10. Right to claim compensation for damages: Data subjects have the right to claim compensation for damages when violations of regulations on the protection of their personal data occur.
    11. Right to self-protection: Data subjects have the right to self-protect in accordance with the Civil Code, other relevant laws, and Decree 13/2023/ND-CP on the Protection of Personal Data, and to request competent agencies and organizations to implement methods to protect their civil rights.
  2. When a Data Subject wishes to exercise any of their rights regarding their Personal Data that DXG controls and processes, the Data Subject must notify DXG using one of the methods specified in this Policy. Upon receiving a complete and valid request, DXG will endeavor to fulfill that request within the timeframe required by law and, if unable to do so for any reason, DXG will notify the Data Subject, unless Vietnamese law prohibits DXG from notifying the Data Subject.
  3. If the Data Subject, who is a Candidate, exercises their right to withdraw their consent to the Data Subject's Personal Data or requests the correction, deletion, and/or destruction of Personal Data, thereby preventing DXG from continuing the interview process, DXG will consider that request to exercise that right as the Candidate's withdrawal from the position at DXG.
  4. In the event that the Data Subject, being an Employee, exercises their right to withdraw consent to the Data Subject's Personal Data or requests the correction, deletion, and/or destruction of Personal Data, thereby preventing DXG from entering into a contract with the Employee, DXG will consider such a request to exercise that right as an act by the Employee of refusing to enter into an employment contract. If the exercise of the aforementioned right by the Data Subject prevents DXG from fulfilling its obligations to the Employee under the contract or agreement with the Employee, DXG will not be liable to the Employee for any losses arising from the exercise of these rights.
  5. To avoid confusion, when a Data Subject exercises their right to withdraw consent:
    1. Such withdrawal of consent will only be legally effective against DXG from the time the Data Subject submits such request to DXG and DXG has completed the identification process to determine the Data Subject's rights, and will not have retroactive effect on consents of the Data Subject made before that time; and
    2. Such withdrawal of consent will only apply to specific Personal Data Processing purposes and not to all Personal Data Processing purposes as defined in this Policy, unless the Data Subject specifically specifies otherwise.

Data subjects have the following obligations regarding their personal data:
  1. To protect their own personal data; to request other relevant organizations and individuals to protect their personal data. If personal data is disclosed due to negligence or any error on the part of the data subject, the data subject must accept the risks and damages that may occur.
  2. To respect and protect the personal data of others.
  3. To provide DXG with complete and accurate personal data when consenting to its processing.
  4. To participate in the dissemination of personal data protection skills organized by DXG or its partners and service providers, and to be aware that any non-compliance may result in risks to the data subject's personal data.
  5. To promptly update DXG if there are any changes to the personal data provided by the data subject.
  6. Provide legally valid documentation upon request from DXG to prove that the Data Subject obtained the necessary consent and permission from the Related Party to provide their personal data.
  7. Comply with legal regulations on the protection of personal data and participate in preventing and combating violations of regulations on the protection of personal data.

DXG processes the Data Subject's Personal Data from the moment it receives the Data Subject's consent to the processing of that Personal Data. The Data Subject's Personal Data will be processed for the period necessary to achieve the Processing Purposes and/or to fulfill the obligations that DXG has notified to the Data Subject and/or to fulfill the agreements and/or contracts that DXG has entered into with the Data Subject, unless a longer retention period for the Personal Data is required or permitted by relevant legal regulations (e.g., for inspection, tax, labor, and auditing purposes). Some types of Personal Data may be retained for longer periods than others.

  1. Collection of Personal Data: DXG and/or the Personal Data Processing Party(ies) may collect the Personal Data of Data Subjects from various legitimate sources, including but not limited to:
    1. Directly provided to DXG by the Candidate during the interview process;
    2. Directly provided to DXG by the Employee when entering into a contract with DXG and during employment at DXG;
    3. From exchanges, communications, and interactions with the Data Subject;
    4. From audio and video recording devices connected to security systems located at business units/branches/transaction offices and at DXG;
    5. Provided by the Data Subject to third parties (organizations or individuals outside DXG and the Personal Data Processing Party but authorized to process Personal Data) and consenting to that third party providing the data to DXG. For the purposes of this regulation, third parties may include, but are not limited to, providers of services related to communications, recruitment, market research, marketing, fraud prevention, data collection, and/or other third parties involved in DXG's operations;
    6. From DXG's Personal Data Processing Parties (including business partners), Affiliated Banks, publicly available data sources or data sources of competent state authorities, and other sources;
    7. From any other sources and/or third parties not mentioned above that process personal data in accordance with Vietnamese law and have obtained the data subject's consent to provide it to other parties, including DXG.
    DXG will use all methods permitted by Vietnamese law to collect Personal Data from the sources mentioned above, including, but not limited to, landline telephone systems, telephone switchboards, mobile phones, email, laptops, CCTV cameras, and other electronic transaction systems.
  2. Processing of Personal Data Obtained from Recording Activities in Public Places:
    1. DXG may collect and process image data of individuals and information obtained from security systems (e.g., audio and video recordings from areas equipped with CCTV surveillance cameras, including but not limited to branches, business units, and headquarters, including transaction counters, corridors, entrances, and parking lots) for the purpose of protecting national security, public order and safety, and the legitimate rights and interests of organizations and individuals as prescribed by law, without requiring the consent of the Data Subject.
    2. At DXG, the security and CCTV systems operate 24/7 to ensure the safety and order of Data Subjects, prevent crime, protect facilities, and prevent fires. DXG commits to processing only the Personal Data of Data Subjects in accordance with the contents of this Policy and the provisions of the law.
  3. Processing of Children's Personal Data
    1. DXG processes children's personal data in accordance with the principle of protecting the rights and best interests of children. Before processing children's personal data, DXG will take appropriate measures to verify the child's age.
    2. DXG may receive personal data of children who are employees' children, relatives, dependents, etc., and process this personal data for the purposes specified in Article 4 of this Policy. DXG only processes children's personal data on the basis of an agreement with the employee for the purposes of processing. Employees are responsible for ensuring that children have been fully informed of the relevant Processing Purposes and have obtained the consent of the child in the case of children aged 7 years and older, and the consent of their parents or guardians as prescribed, except as stipulated in Article 17 of Decree 13/2023/ND-CP dated April 17, 2023, before providing such information to DXG.
  4. Transfer of Personal Data Abroad
    1. DXG may transfer or grant access to the Personal Data of Data Subjects to partners and service providers abroad for processing in accordance with the Processing Purposes agreed upon by the Data Subject. In some other cases, DXG's partners and service providers based in Vietnam may use equipment and data processing systems located outside the territory of Vietnam to process Personal Data on behalf of DXG. These cases are all considered as transferring the Data Subject's Personal Data abroad.
    2. It should be noted that some countries may have lower or higher levels or practices regarding the protection of Personal Data than Vietnam. In all cases involving the transfer of Personal Data abroad, DXG will endeavor to implement appropriate measures to ensure the protection of the Data Subject's Personal Data, including signing data security agreements and commitments, selecting appropriate Data Processing Partners with clearly defined tasks, and only working with partners who have appropriate safeguards in place.

Please note that, while DXG always strives to ensure that the Personal Data of Data Subjects is best protected in accordance with the law, DXG cannot completely and absolutely eliminate all risks to Personal Data during processing. The transmission of information via the Internet or DXG's internal information systems still carries certain risks arising from force majeure events or incidents, and cyber security crimes such as cyberattacks, cyberterrorism, unauthorized cyber espionage, disruption of data processing, or leakage of Personal Data. In such cases, DXG will immediately take necessary actions to prevent, remedy, and minimize any potential damage to Personal Data, and will cooperate with competent state authorities to handle the violation. The data subject also agrees that, to the extent that reasonable measures have been taken to prevent such harms, DXG will not be liable for damages caused by the actions of any third party that adversely affect the Employee's Personal Data through no fault of DXG.

DXG's websites/wapsites/applications may include third-party advertisements and links to other websites/wapsites/applications. Third-party advertising partners may collect information about Customers/Partners when Customers/Partners interact with their content, advertisements, or services. Any access to and use of third-party links or websites is not governed by this Policy, but rather by the privacy policies of those third parties. DXG is not responsible for the information policies of third parties.

In case Customers/Partners have any questions about this Policy or wish to exercise their Personal Data rights, please contact DXG using the methods and information below:
  1. Contact the call center using the information on DXG's official websites/wapsites/applications at any given time.
  2. Send a letter to the following address: Dat Xanh Group Joint Stock Company – 2W, Ung Van Khiem Street, Ward 25, Binh Thanh District, Ho Chi Minh City.
  3. Contact directly at DXG's transaction points nationwide.