The FPT Smart Cloud Company Limited (“FPT Smart Cloud”) builds this Personal Data Protection Policy (“Policy”) for our customers to understand the purposes, scope of information we process, as well as the measures we apply to protect personal information and Customer rights regarding these activities.
This policy is an inseparable part of the Contract, Terms of Use, Policies, and other usage agreements of FPT Smart Cloud, published on FPT Smart Cloud’s channels from time to time.
Article 1. Definition of Terms
1.1. FPT Smat Cloud: refers to the FPT Smart Cloud Company Limited, Tax ID 0109307938. Headquarters at No. 10 Pham Van Bach, Dich Vong Ward, Cau Giay District, Hanoi, Vietnam.
1.2. The customer: refers to individual customer that provides information to FPT Smart Cloud in the process of registering for or using services provided FPT Smart Cloud.
1.3. Personal data: refers to electronic information in the form of symbols, letters, numbers, images, sounds, or equivalences associated with an individual or used to identify an individual. The personal data includes general personal data and sensitive personal data.
1.4. General personal data includes:
(a) Last name, middle name and first name, other names (if any);
(b) Date of birth; date of death or going missing;
(c) Gender;
(d) Place of birth, registered place of birth; placement of permanent residence; place of temporary residence, current place of residence; hometown; contact address;
(e) Nationality;
(f) Personal image;
(g) Phone number; ID Card number, personal identification number, passport number, driver’s license number, license plate, taxpayer identification number, social security number and health insurance card number;
(h) Marital status;
(i) Information about the individual’s family relationship (parents, children);
(j) Digital account information; personal data that reflects activities and activity history in cyberspace;
(k) Information associated with an individual or used to identify an individual other than sensitive personal information;
(l) Other information as prescribe by law.
1.5. Sensitive personal data refers to personal data in association with individual privacy which, when being infringed, will directly affect an individual’s legal rights and interests, including:
(a) Political and religious opinions;
(b) Health condition and personal information stated in health record, excluding information on blood group;
(c) Information about racial or ethnic origin;
- d) Information about genetic data related to an individual’s inherited or acquired genetic characteristics;
- e) Information about an individual’s own biometric or biological characteristics;
- f) Information about an individual’s sex life or sexual orientation.
- g) Data on crimes and criminal activities collected and stored by law enforcement agencies;
- h) Information on customers of credit institutions, foreign bank branches, payment service providers and other licensed institutions, including: customer identification as prescribed by law, accounts, deposits, deposited assets, transactions, organizations and individuals that are guarantors at credit institutions, bank branches, and payment service providers;
- i) Personal location identified via location services;
- J) Other specific personal data as prescribed by law that requires special protection.
1.6. Personal data protection refers to an act of preventing, detecting and handling violations related to personal data in accordance with the law..
1.7. Personal data processing refers to one or multiple activities that impact on personal data, including collection, recording, analysis, confirmation, storage, rectification, disclosure, combination, access, traceability, retrieval, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, destruction or other relevant activities
1.8. FPT Smart Cloud transactional channels includes digital transactional channels of FPT Smart Cloud (Hotline, Facebook, Registration Form on the Website ….) or other transactional channels provided by FPT Smart Cloud to customers from time to time.
Article 2. Scope of Data Processing
2.1. FPT Smart Cloud processes the personal information of customers as below:
(a) Last name, middle name and first name, other name (if any);
(b) Phone number
(c) Email
2.2. The Personal data for processing includes data that customers provide to FPT Smart Cloud upon service registration and any information arising during the period that customers use FPT Smart Cloud services.
Article 3. Regulations of Data Protection at FPT Smart Cloud
3.1. The personal data shall be protected and secured by the regulations of FPT Smart Cloud and legal regulations. The personal data shall be processed given customer consent, unless otherwise prescribed by law.
3.2. FPT Smart Cloud shall not use, transfer, provide, or share personal data to any third parties without customer consent, unless otherwise prescribed by law.
3.3. Other regulations as prescribed by law.
Article 4. Purposes of Data Processing
4.1. The customer allows FPT Smart Cloud to process Personal data and share data processing results for these purposes:
a) Support customer, update customer information for any purchase or use of products/services provided by FPT Smart Cloud or partners of FPT Smart Cloud.
b) Provide products, services of FPT Smart Cloud as well as products, services provided by FPT Smart Cloud in cooperation with the partner.
c) Organize trade introduction and promotion, market research, public opinion polling, brokerage.
d) Conduct research, develop new services, and provide appropriate products, services to customers.
e) Conduct marketing, advertisement campaigns for products and services.
f) Measure, analyze internal data, evaluate and other processing to improve service quality provided by FPT Smart Cloud to customers.
g) Investigate, resolve conflicts and customer complaints.
h) Adjust, update, secure, and improve products, services, and equipments provided by FPT Smart Cloud.
i) Authenticate identity and ensure security of customer information.
j) Notify to customers regarding any changes to policies and promotions of products and services provided by FPT Smart Cloud.
k) Prevent fraud, identity thefts, and other illegal activities.
l) Comply with applicable laws, relevant industry standards, and other applicable laws of FPT Smart Cloud.
m) Other purposes that serve operating activities of FPT Smart Cloud and any purposes that FPT Smart Cloud notifies to customers at the time of information collection or prior to relevant data processing or other requirements or otherwise provided by law.
4.2. In case of data processing for other purposes or as required by customers, FPT Smart Cloud shall notify customers via transactional channels of FPT Smart Cloud to obtain customer consent.
Article 5. Personal Data Processor
5.1. FPT Smart Cloud Company Limited, Tax ID: 0109307938. Headquarters at No. 10 Pham Van Bach, Dich Vong Ward, Cau Giay District, Hanoi, Vietnam.
5.2. FPT Smart Cloud will share or jointly process personal data with the following organizations and individuals:
a) FPT Corporation and member companies under FPT Corporation.
b) Member companies that FPT Smart Cloud directly or indirectly owns.
c) Contractors, agents, partners, and operational service providers of FPT Smart Cloud.
d) Branches, business units and employees working at branches, business units and agents of FPT Smart Cloud.
e) Telecommunication businesses in case the Customer violates the obligation to pay service fees.
f) Commercial stores and retailers involved in implementing FPT Smart Cloud promotional programs.
g) FPT Smart Cloud’s professional advisors such as auditors and lawyers according to the provisions of law.
h) Courts and competent agencies in accordance with the provisions of law and/or when required and permitted by law.
FPT Smart Cloud commits to sharing or jointly processing personal data in related to the Purposes stated in Article 4 of this Policy or as prescribed by law. Organizations and individuals that receive the Customer’s personal data shall comply with the provisions of this Policy and relevant laws on personal data protection.
Although FPT Smart Cloud will make every effort to ensure that Customer information is anonymized/encrypted, the risk of unintended data disclosure may not be completely excluded in case of force majeure.
5.3. In case of participation of other personal data processors mentioned in this Article, the Customer agrees that FPT Smart Cloud will notify Customer through FPT Smart Cloud’s transactional channels prior to the execution.
Article 6. Personal Data Processing in Special Cases
FPT Smart Cloud ensures that the processing of personal data fully complies to legal requirements in the following special cases:
6.1. Surveillance camera (CCTV) footage, in specific cases, can be used for the following purposes:
a) quality assurance purposes;
b) public security and occupational safety purposes;
c) detect and prevent suspicious, inappropriate or unauthorized uses of FPT Smart Cloud utilities, products, services and/or facilities;
d) detect and prevent criminal acts; and/or
e) conduct investigations of incidents.
6.2. FPT Smart Cloud always respects and protects children’s personal data. In addition to mechanisms for personal data protection as prescribed by law, prior to processing children’s personal data, FPT Smart Cloud shall verify the child’s age and request the consent of:
a) the child and/or
b) parent or guardian of the child as prescribed by law.
6.3. In addition to compliance to other relevant legal regulations, for the processing of personal data related to personal data of people declared missing/deceased, FPT Smart Cloud shall obtain consent from one of the related persons according to the provisions of current law.
Article 7. Storage of Personal Data
FPT Smart Cloud shall store personal data relevant to the intended purposes in the Policy. FPT Smart Cloud shall store personal data in a period of time as prescribed by law.
Article 8. Rights of Customers
8.1. The customer has the right to be informed of his/her personal data processing, unless otherwise provided for by law.
8.2. The customer has the right to give consent to the processing of his/her personal data, unless otherwise provided by law.
8.3. The customer has the right to access his/her personal data in order to look at, rectify, or request rectification of his/her personal data, unless otherwise provided for by law.
8.4. The customer has the right to withdraw his/her consent by documentation to FPT Smart Cloud, unless otherwise provided for by law.
8.5. The customer has the right to delete or request deletion of his/her personal data, unless otherwise provided for by law.
8.6. The customer has the right to obtain restriction on the processing of his/her personal by documentation to FPT Smart Cloud, unless otherwise provided for by law. The restriction shall be implemented by FPT Smart Cloud within 72 hours after receiving request of the customer, and all personal data that the customer requests the restriction, unless otherwise provided for by law.
8.7. The customer has the right to request to provide his/her personal data by documentation to FPT Smart Cloud, unless otherwise provided for by law.
8.8. The customer has the right to object FPT Smart Cloud and Personal Data Controller-cum-Processor as described in Article 5 by documentation to prevent or restrict the disclosure of personal data or the use of personal data for advertising and marketing purposes, unless otherwise provided for by law. FPT Smart Cloud shall implement the customer request within 72 hours after receiving the request, unless otherwise provided for by law.
8.9. The customer has the right to file complaints, denunciations, and lawsuits as prescribed by law.
8.10. The customer has the right to claim damage as prescribed by law when FPT Smart Cloud violates against regulations on protection of his/her personal data, unless otherwise agreed by parties or unless otherwise prescribed by law.
8.11. The customer has the right to self-protection according to regulations in the Civil Code, other relevant laws, or request competent agencies and organizations to implement civial right protection methods according to regulations in Article 11 of the Civil Code.
8.12. Other rights as prescribed by law.
8.13. Method to exercise rights: by documentation sent to FPT Smart Cloud or call the hotline 1900 638 399 or send an email to the address [email protected] for instructions.
Article 9. Obligations of Customers
9.1. Comply with legal regulations, regulations and guidelines provided by FPT Smart Cloud in relation to Personal data processing.
9.2. Fully and accurately provide his/her personal dat, other information required by FPT Smart Cloud upon the registration and use of services provided by FPT Smart Cloud and when there are changes to such information. FPT Smart Cloud shall proceed to protect personal data based on the information provided by customers, therefore, FPT Smart Cloud shall not be responsible in case such information affects or restricts customer rights. In case of failure to notify, if there is a risk or loss, the Customer is responsible for errors or acts of exploitation, fraud when using the service due to his/her actions or for not providing the correct, complete, accurate, and timely change of information; including financial damage, costs incurred due to incorrect or inconsistent information provided.
9.3. Cooperate with FPT Smart Cloud, competent agencies, or a third-party in case an occurrence affects the security of personal data.
9.4. Protect his/her own personal data, apply mechanisms of personal data protection when in use of services provided by FPT Smart Cloud; notify FPT Smart Cloud in a timely manner when detecting inaccuracies, mistakes on personal data or suspicion a violation in personal data.
9.5. Is responsible for information, data, and consent given by the customer, operated on the internet environment; and is responsible in case the personal data is leaked or violated due to his/her action.
9.6. Frequently update regulations, policies on personal data protection provided by FPT Smart Cloud as notified to customers or published on transactional channels of FPT Smart Cloud. Strictly follow guidances provided by FPT Smart Cloud to give consent for the purposes of personal data processing provided by FPT Smart Cloud from time to time.
9.7. Respect and protect others’ personal data
9.8. Participate in dissemination of personal data protection skills.
9.9. Other obligations as prescribed by law.
Article 10. Rights of FPT Smart Cloud
10.1 Process personal data according to the purpose, scope, and other contents agreed with the customer and/or consented by the Customer.
10.2 Rectify, supplement content, or replace this Policy from time to time and ensure that the customer is notified through FPT Smart Cloud’s transactional channels prior to implementation. If the Customer continues to use products and services, perform, and conclude transactions with FPT Smart Cloud after FPT Smart Cloud has notified, it is understood that the Customer accepts all rectification, supplements, and replaces this Policy of FPT Smart Cloud.
10.3 Refuse customer requests for legal reasons or infrastructure, technical or technological reasons.
10.4 Decide on appropriate measures to protect the personal data.
10.5 Exempt from all obligations and responsibilities for risks that may occur during the personal data processing, including but not limited to data loss due to system errors or objective causes beyond the control of FPT Smart Cloud.
10.6 Other rights as specified in this Policy and as prescribed by law.
Article 11. Obligations of FPT Smart Cloud
11.1. Comply with legal regulations during the personal data processing.
11.2. Implement appropriate measures for data security to prevent illegal access, rectification, use, or disclosure of personal data.
11.3. Fulfill legal requests of the customer relevant to his/her personal data.
11.4. Develop mechanisms for the customer to exercise his/her rights relevant to personal data.
11.5. Cooperate with competent agencies and other related organizations, individuals to minimize damages in case of detecting violations against personal data laws.
11.6. Other obligations as prescribed by law.
Article 12. Method of Data Processing
FPT Smart Cloud implements one or more mechanisms that affect personal data such as: collecting, recording, analyzing, verifying, rectifying, publishing, integrating, accessing, extracting, recalling, encrypting, decrypting, duplicating, sharing, transmitting, providing, transferring, deleting, and destroying of personal data or other relevant mechanisms.
Article 13. Unexpected Consequences, Damages
13.1 FPT Smart Cloud uses various security technologies to protect personal data from unintended exploitation, use, or transfer. Nevertheless, no data is 100% secured. FPT Smart Cloud shall secure personal data at the best capabilities.
Several unexpected consequences and damages include but not limited to:
(a) Hardware, software malfunction during the personal data processing that leads to the loss of customer information.
(b) Vulnerabilities beyond the control capabilities of FPT Smart Cloud, the system is attacked by hacker that results in data breach;
(c) Customers self-disclose personal data due to carelessness or fraud, visit websites/download applications containing malware…
13.2 FPT Smart Cloud recommends the customer keep confidential information related to the login password and OTP code and not share the login password and OTP code with anyone else
13.3 Customers shall preserve electronic devices during use. The customer shall lock, logout, or quit accounts on FPT Smart Cloud websites or applications when not in use.
13.4 In case the data storage server is attacked by hackers leading to loss of personal data, FPT Smart Cloud shall be responsible for reporting the incident to the investigating authorities and inform the customer in a timely manner.
Article 14. Cookies
14.1 When the customer uses or accesses websites of FPT Smart Cloud, FPT Smart Cloud shall place one or more cookies on the customer’s device. “Cookie” is a small file placed on the customer’s device when the customer visits a website that records information about the customer’s device, browser, and in some cases, preferences and browsing habits. FPT Smart Cloud shall use this information to identify the customer as he/she returns to FPT Smart Cloud websites, to provide personalized services on FPT Smart Cloud’s websites, to compile analytical data for better understanding of website operations, and to improve FPT Smart Cloud websites. The customer shall use his/her browser settings to restrict or block cookies on his/her device. However, if the customer decides not to accept or block cookies from FPT Smart Cloud websites, the customer shall not be able to utilize all the features of FPT Smart Cloud’s websites.
14.2 FPT Smart Cloud shall process personal data through cookie technology according to the provisions of these Terms. FPT Smart Cloud shall use remarketing to serve ads to individuals that are known for previously visiting FPT Smart Cloud website.
14.3 As third parties placing content on FPT Smart Cloud websites (e.g. social media features), those third parties may collect customer information (e.g. cookie data) if the customer chooses to interact with such third-party content or use third-party services.
Article 15. General Terms
15.1. This policy takes effect from July 1st, 2023. The customer shall understand and agree that this Policy may be amended from time to time and will be notified through FPT Smart Cloud’s transactional channels prior to implementation. Rectifications and effective dates shall be updated and announced on transactional channels and other channels of FPT Smart Cloud. As the customer continues to use the service after the notice period of amendments and supplements from time to time means that the customer is consent to those amendments and supplements.
15.2. The customer shall be informed and agree that this Policy is the Notice of Personal Data Processing specified in Article 13 of Decree 13/ND-CP/2023 and amended and supplemented from time to time before FPT Smart Cloud conducts Personal Data Processing. Accordingly, FPT Smart Cloud is not responsible to take any additional measures for the purpose of notifying the customer of personal data processing.
15.3. The customer shall strictly comply with the provisions of this Policy. For issues that have not been regulated, the parties agree to comply with the provisions of law, instructions of competent agencies and/or amendments and supplements to this Policy notified to the customer by FPT Smart Cloud from time to time.
15.4. This policy is agreed upon on the basis of goodwill between FPT Smart Cloud and the customer. During the implementation process, if any disputes arise, the parties shall proactively resolve them through negotiation and conciliation. In case conciliation fails, the dispute shall be brought to the competent People’s Court for resolution according to the provisions of law
15.5. The customer shall read, understand the rights and obligations, and agree to the entire content of this Personal Data Protection Policy.
Information about the person in charge of FCI’s Personal Data Protection:
Person in charge: Pham The Minh
Mobile: +84 913571357
E-mail: [email protected]