Personal Data Collection and Processing Policy (“Policy”) is implemented by Duy Anh Fashion and Cosmetics Joint Stock Company; Enterprise Registration Certificate/Tax Code No. 0304130177; Head office address: 3rd Floor, Centec Tower, 72–74 Nguyen Thi Minh Khai Street, Xuan Hoa Ward, Ho Chi Minh City, Vietnam (“DAFC” or “Company”), describing activities related to the Processing of Customers’ Personal Data.
This Policy forms an integral part of the contracts, agreements, terms, and conditions governing the relationship between DAFC and Customers.

Article 1: SCOPE AND APPLICABILITY

This Policy monitors how DAFC processes the Personal Data of Customers and/or individuals who jointly use DAFC’s products/services with the Customer when using products/services provided by DAFC and/or when interacting with the Website. For clarity, this Policy applies only to individual Customers. DAFC encourages Customers to read this Policy carefully and regularly check DAFC’s Website for any updates that DAFC may make in accordance with the terms of this Policy.

Article 2: DEFINITIONS 

  • Customer: An individual who accesses, explores, registers, purchases, uses products or services, or is otherwise involved in the operational process of providing products and services by DAFC.
  • DAFC or Company: Duy Anh Fashion and Cosmetics Joint Stock Company, Enterprise Registration Certificate/Tax Code No. 0304130177, headquartered at 3rd Floor, Centec Tower, 72–74 Nguyen Thi Minh Khai Street, Xuan Hoa Ward, Ho Chi Minh City, Vietnam.
  • Personal Data or PD: Information in the form of symbols, letters, numbers, images, sounds, or similar forms in an electronic environment associated with a specific individual or enabling the identification of a specific individual. Personal Data includes Basic Personal Data and Sensitive Personal Data.

Basic Personal Data includes:

  • Full name, birth name, other names (if any);
  • Date of birth, date of death or disappearance;
  • Gender;
  • Place of birth, place of birth registration, permanent residence, temporary residence, current address, hometown, contact address;
  • Nationality;
  • Individual’s image;
  • Phone number, ID card number, personal identification number, passport number, driver’s license number, vehicle license plate number, personal tax code, social insurance number, health insurance card number;
  • Marital status;
  • Family relationship information (parents, children);
  • Personal account information; Personal Data reflecting activities or activity history in cyberspace;
  • Other information associated with or identifying a specific individual that does not fall under Sensitive Personal Data;
  • Other data as prescribed by current laws.

Sensitive Personal Data includes:

  • Political opinions, religious beliefs.
  • Health status and private life recorded in medical records, excluding blood group information.
  • Information related to racial or ethnic origin.
  • Genetic information inherited or acquired by the individual.
  • Information on physical attributes, unique biological characteristics.
  • Information on sexual life, sexual orientation.
  • Criminal data, criminal acts collected and stored by law enforcement agencies.
  • Customer information of credit institutions, foreign bank branches, intermediary payment service providers, and other permitted organizations, including customer identification information as prescribed by law, account information, deposit information, asset information, transaction information, information on organizations or individuals acting as guarantors.
  • Location data of individuals determined through positioning services.
  • Other Personal Data defined by law as special and requiring necessary security measures.

Personal Data Protection: Activities to prevent, detect, stop, and handle violations related to Personal Data in accordance with the law.

Personal Data Processing: One or more activities impacting Personal Data, such as: collection, recording, analysis, verification, storage, modification, disclosure, combination, access, retrieval, recovery, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, destruction, or other related actions.

Company’s Partner: An organization or individual providing products, services, and/or operations for DAFC under contracts, agreements, or other legally equivalent forms.

Third Party: Any organization or individual other than DAFC and the Customer as defined in this Policy. For clarity, any terms not explained in this section shall be understood and applied according to current Vietnamese law.

DAFC Transaction Channels: Including Websites, retail channels at DAFC stores, electronic transaction channels, and/or other channels for providing products/services or serving the needs of DAFC and Customers.

Article 3. PURPOSES OF PROCESSING YOUR PERSONAL DATA

The Customer agrees to allow DAFC to process their Personal Data for one or more of the following purposes:

  • Provide products or services or assist the Customer in using products/services of the Company and/or the Company’s Partners through cooperation agreements requested by the Customer;
  • Advise, evaluate, handle, respond to, or resolve inquiries, requests, feedback, questions, instructions, or complaints from the Customer; as well as perform after-sales activities and customer care;
  • Adjust, update, secure, and improve products, services, applications, and devices provided by DAFC to the Customer;
  • Verify identity and ensure the security of the Customer’s personal information;
  • Fulfill service requests and support needs of the Customer;
  • Notify the Customer of changes to policies, promotions of products/services provided by the Company; exchange information, including but not limited to promotional services, advertising campaigns related to products/services via methods such as phone calls, electronic communication channels like email, fax, etc.
  • Measure, analyze internal data, and perform other processing to improve and enhance the quality of the Company’s products/services or conduct marketing communication activities;
  • Organize market research and public opinion surveys to improve product/service quality or develop new products/services to better meet Customer needs;
  • Prevent and combat fraud, identity theft, and other illegal activities;
  • Establish, exercise, or protect DAFC’s or the Customer’s legal rights. These purposes may include data exchange with other companies and organizations to prevent and detect fraud and minimize credit risks;
  • Comply with applicable laws, relevant industry standards, and other current Company policies.
  • Any other purpose specific to the Company’s operational activities;
  • Provide information to IPPG Group and affiliated companies to achieve the above purposes, provided that the recipient is bound by strict confidentiality terms equivalent to those in this document;
  • Any other purpose notified to the Customer at the time of collecting Personal Data or before commencing related processing, or as otherwise required or permitted by applicable law;
  • Maintain, check, and/or operate any system or platform necessary to provide any Company product/service or related to websites or mobile applications provided by the Company to the Customer;
  • Verify the Customer’s identity to process orders placed through the Company’s sales platforms such as websites or mobile applications;
  • Market, promote, improve, and enhance the provision of products/services by the Company and optimize the Customer experience related to products/services through the collection and processing of Customer data;
  • Share with organizations, affiliates, and the Company’s Partners, including entities within IPPG Group, to enable them to conduct market research, planning, customer surveys, trend analysis, and/or other related data analysis to better tailor offers, promotions, and/or other direct marketing activities for the Company;
  • Provide additional services or value-added services;
  • Manage and deliver benefits for loyal customers, rewards, promotions, contests, lucky draws, and other related benefits;
  • Notify the Customer about new products/services offered by the Company or any organization, affiliate, and the Company’s Partners.
  • Any other purpose that (i) is permitted or required by applicable laws, industry rules, or market regulations; (ii) is necessary, supplementary, or consequential to the above purposes; or (iii) the Company deems necessary to comply with applicable personal data protection laws.

DAFC will seek the Customer’s consent before using their Personal Data for any purpose other than those stated above, either at the time of collection or before commencing related processing, or as otherwise required or permitted by applicable law.

Article 4: CONFIDENTIALITY OF CUSTOMERS’ PERSONAL DATA

Privacy Principles

  • The Customer’s Personal Data is committed to being protected in accordance with DAFC’s regulations and applicable laws. The processing of each Customer’s Personal Data will only be carried out with the Customer’s consent, except where otherwise required by law.
    DAFC does not use, transfer, provide, or share the Customer’s Personal Data with any Third Party without the Customer’s consent, except where otherwise required by law.
    DAFC will comply with other Personal Data protection principles as prescribed by applicable laws.
  • Potential Unintended Consequences or Damages
    DAFC employs various information security technologies to protect the Customer’s Personal Data from unauthorized access, use, or sharing. However, no data can be guaranteed to be 100% secure. Therefore, DAFC commits to protecting the Customer’s Personal Data to the maximum extent possible. Some potential unintended consequences or damages may include, but are not limited to:
  • Hardware or software errors during data processing causing data loss;
    Security vulnerabilities beyond DAFC’s control, such as system breaches by hackers leading to data leaks;
    Customers accidentally exposing Personal Data due to carelessness or being tricked into accessing malicious websites/downloading harmful applications, etc.
  • DAFC advises Customers to keep login credentials and OTP codes confidential and not share them with anyone.
  • Customers should safeguard their electronic devices during use and lock, log out, or exit their accounts on DAFC’s website or application when not in use.

Article 5: TYPES OF PERSONAL DATA PROCESSED BY DAFC

To enable DAFC to provide products and services to Customers and/or handle Customer requests, DAFC may need to and/or be required to collect Personal Data. The Customer’s Personal Data includes the following information:

  • Customer’s Basic Personal Data;
  • Data related to Websites or Applications: technical data (as mentioned above, including device type, operating system, browser type, browser settings, IP address, language settings, date and time of connection to the Website, application usage statistics, application settings, date and time of connection to the application, location data, and other technical communication information); secure login details; usage data;
  • Marketing Data: advertising interests; cookie data; clickstream data; browsing history; responses to direct marketing; and opt-out preferences for direct marketing.
Basic personal data (pursuant to Clause 3, Article 2 of the Government’s Decree No. 13/2023/ND-CP dated April 17, 2023 on personal data protection; included X in the prescribed data type)
Last name, middle name, and birth name

X

Nationality

X

Other names (if any) Images 

X

Date of birth

X

Phone Number

X

Date, month, year of death or disappearance Identity card number

X

Gender

X

Personal Identification Number

X

Birthplace Passport number 
Place of birth registration Driver’s License Number 
Permanent Residence License plate number 
Temporary Shelter Personal tax identification number 
Current Residence

X

Social insurance number 
Hometown Health insurance card number 
Contact Us

X

Marital Status 
Information about family relationships (parents, children) Information about an individual’s digital account

X

Personal data reflects cyber activity

X

History of operations in cyberspace

X

Other information associated with a specific person or helping to identify a specific person not specified in Clause 4 of this Article   

Article 6: DATA COLLECTING METHODS

DAFC collects Personal Data from Customers through the following methods:

Directly from Customers via various means:

  • When the Customer submits a registration request or fills out any other form related to DAFC’s products and services or those of the Company’s Partners;
  • When the Customer interacts with DAFC’s customer service staff, such as through phone calls, correspondence, face-to-face meetings, emails, or social media interactions;
  • When the Customer uses certain DAFC services or accesses platforms operated by the Company, such as websites and applications, including creating online accounts with DAFC; CCTV recordings;
  • When the Customer responds to marketing representatives or DAFC’s customer service staff;
  • When the Customer provides personal information to the Company for any reason, including registering for free trials or expressing interest in any of the Company’s products or services;
  • When the Customer purchases or uses services from Third Parties through DAFC or at DAFC’s transaction points or business locations;
  • The Company may also collect Personal Data from other lawful sources.

From Third Parties:

If the Customer interacts with Third-Party content or advertisements on DAFC’s Website or application, the Company may receive the Customer’s personal information from the relevant Third Party in accordance with its lawful privacy policy;
If the Customer chooses to make electronic payments directly to DAFC or through DAFC’s Website or application, DAFC may receive the Customer’s Personal Data from Third Parties such as payment service providers for that purpose;
To comply with legal obligations, DAFC may receive the Customer’s Personal Data from competent authorities.

Article 7: ORGANIZATIONS INVOLVED IN PERSONAL DATA PROCESSING

DAFC may share or jointly process Personal Data with the following organizations or individuals:

  • Lien Thai Binh Duong Import-Export Co., Ltd (IPPG Group);
  • The Company’s Partners;
  • Branches, business units, and employees working at DAFC’s branches, business units, and agents;
  • Retail stores and merchants involved in DAFC’s promotional programs;
  • DAFC’s professional advisors such as auditors, lawyers, etc., as required by law;
  • Courts and competent state authorities in accordance with legal requirements and/or upon lawful request.

DAFC commits that sharing or joint processing of Personal Data will only occur when necessary to fulfill the Processing Purposes stated in this Policy or as required by law. Organizations or individuals receiving Customer Personal Data must comply with this Policy and applicable laws on Personal Data Protection.
Although DAFC will make every effort to ensure Customer information is anonymized/encrypted, risks of disclosure cannot be completely excluded in force majeure situations as prescribed by law.
In cases involving other organizations mentioned above, the Customer agrees that DAFC will notify the Customer before proceeding.

Article 8: PROCESSING OF PERSONAL DATA IN SOME SPECIAL CASES

DAFC ensures that the processing of Customer Personal Data fully complies with legal requirements in the following special cases:

  • CCTV recordings may be used for purposes such as:
    • Quality assurance.
    • Public security and workplace safety.
    • Detecting and preventing suspicious, inappropriate, or unauthorized use of Company facilities, products, or services.
    • Detecting and preventing criminal acts and/or investigating incidents.
  • Children’s Personal Data: DAFC respects and protects children’s Personal Data. In addition to legal requirements, before processing children’s Personal Data, the Company will verify the child’s age and obtain consent from (i) the child and/or (ii) the child’s parent or legal guardian as required by law.
  • Personal Data of missing or deceased individuals: In addition to complying with relevant legal provisions, DAFC must obtain consent from one of the related persons as prescribed by current law before processing such data.

Article 9: CUSTOMER RIGHTS AND OBLIGATIONS REGARDING PERSONAL DATA PROVIDED TO DAFC

Customer Rights:

  • The Customer has the right to be informed about the processing of their Personal Data, except where otherwise required by law.
  • The Customer has the right to consent or refuse consent for the processing of their Personal Data, except where otherwise required by law.
  • The Customer has the right to access, review, edit, or request corrections to their Personal Data by submitting a written request to DAFC, except where otherwise required by law.
  • The Customer has the right to withdraw their consent by submitting a written request to DAFC, except where otherwise required by law. Withdrawal of consent does not affect the legality of data processing previously consented to before withdrawal.
  • The Customer has the right to delete or request deletion of their Personal Data by submitting a written request to DAFC, except where otherwise required by law.
  • The Customer has the right to request restriction of processing of their Personal Data by submitting a written request to DAFC, except where otherwise required by law. DAFC will implement the restriction within 72 hours after receiving the Customer’s request for all Personal Data specified, except where otherwise required by law.
  • The Customer has the right to request DAFC to provide their Personal Data by submitting a written request to DAFC, except where otherwise required by law.
  • The Customer has the right to object to DAFC or any organization processing their Personal Data as specified in this Policy by submitting a written request to DAFC to prevent or limit disclosure or use of Personal Data for advertising or marketing purposes, except where otherwise required by law. DAFC will fulfill the Customer’s request within 72 hours after receiving it, except where otherwise required by law.
  • The Customer has the right to file complaints, denunciations, or lawsuits in accordance with applicable laws.
  • To the maximum extent permitted by law, DAFC shall be exempt from legal liability, and the Customer agrees to indemnify DAFC for any damages related to Personal Data in all cases, except where DAFC violates Personal Data protection regulations under this Policy and applicable laws. In such cases, the Customer may only claim compensation as prescribed by law.
  • The Customer has the right to self-protection under the Civil Code and other relevant laws or request competent authorities or organizations to enforce civil protection measures.
  • The Customer has the right to revoke all or part of their consent at any time by sending an official written notice to the Company, in compliance with applicable data protection laws. The Customer acknowledges that revoking consent may limit their access to certain services, benefits, and rights as specified in this Policy.
  • Other rights as prescribed by applicable laws.

Customer Obligations

  • Comply with applicable laws, regulations, and DAFC’s guidelines related to the processing of Personal Data.
  • Provide complete, truthful, and accurate Personal Data and other information as requested by DAFC when registering and using DAFC’s services, and promptly update any changes to such information. DAFC will protect the Customer’s Personal
  • Data based on the information provided during registration; therefore, DAFC shall not be liable for any impact or limitation of Customer rights caused by inaccurate information. If the Customer fails to notify changes, they shall bear responsibility for any risks or losses arising from errors, misuse, or fraud due to their own fault or failure to provide correct, complete, accurate, and timely updates, including financial damages and costs incurred from incorrect or inconsistent information.
  • Cooperate with DAFC, competent authorities, or Third Parties in cases where issues affecting the security of Personal Data arise.
  • Protect their own Personal Data; proactively apply measures to safeguard their Personal Data while using DAFC’s services; promptly notify DAFC upon detecting any errors, inaccuracies, or suspected breaches of their Personal Data.
  • Assume responsibility for any information, data, or consent they create or provide online; bear responsibility if their Personal Data is leaked or compromised due to their own fault.
  • Regularly update DAFC’s regulations and policies as notified or published on DAFC’s websites or other transaction channels from time to time. Follow DAFC’s instructions to clearly indicate consent or refusal regarding Personal Data processing purposes communicated by DAFC.
  • Respect and protect the Personal Data of others.
  • Fulfill other obligations as prescribed by applicable laws.

Article 10: DURATION OF PROCESSING AND STORAGE OF PERSONAL DATA

  • Processing Period: Begins when the Customer consents to the Company processing their Personal Data or uses the Company’s products/services and continues until the Customer completely ceases using the Company’s products/services or requests deletion of Personal Data as specified below.
  • Storage Period: Begins when the Customer consents to the Company processing their Personal Data or uses the Company’s products/services and continues until the Customer completely ceases using the Company’s products/services or requests deletion of Personal Data as specified below.

Cases where the Customer may request immediate deletion of Personal Data:

  • Withdrawal of consent;
  • Determining that the data is no longer necessary for the agreed collection purpose and accepting any potential consequences of deletion;
  • Objecting to data processing and DAFC has no legitimate reason to continue processing;
  • Personal Data is processed for purposes other than those consented to or in violation of legal regulations;
  • Personal Data must be deleted as required by law.

Cases where DAFC may refuse deletion despite the Customer’s request:

  • Any request is prohibited by law;
  • Personal Data is processed by competent state authorities for official purposes as prescribed by law;
  • Personal Data has been lawfully disclosed;
  • Personal Data is processed for legal requirements, scientific research, or statistical purposes as prescribed by law;
  • In emergencies related to national defense, security, public order, major disasters, dangerous epidemics; when there is a threat to security or defense but not at the level of declaring a state of emergency; prevention and control of riots, terrorism, crime, and legal violations;
  • Responding to emergencies threatening the life, health, or safety of the Customer or other individuals.

Timeframe for deletion or destruction of Personal Data: Within 72 hours after the end of the storage period or upon the Customer’s request.

ARTICLE 11: METHODS OF DATA PROCESSING

DAFC applies one or more activities processing Personal Data, such as: data collection, recording, storage, retrieval, analysis, use, sharing, disclosure, deletion, encryption, decryption, and automated processing of Personal Data.

ARTICLE 12: COOKIES

When Customers use or access DAFC’s websites or online platforms (collectively referred to as “Websites”), DAFC may place one or more cookies on the Customer’s device. A “cookie” is a small file stored on the Customer’s device when they visit a Website, recording information about the device, browser, and, in some cases, the Customer’s preferences and browsing habits.
DAFC may use this information to:

  • Recognize Customers when they return to DAFC’s Websites;
  • Provide personalized services on DAFC’s Websites;
  • Compile analytical data to better understand Website performance and improve DAFC’s Websites.

Customers can use their browser settings to delete or block cookies on their devices. However, if Customers choose not to accept or block cookies from DAFC’s Websites, they may not be able to fully utilize all features of DAFC’s Websites.
DAFC may process Customer Personal Data through cookie technology in accordance with this Policy. DAFC may also use remarketing techniques to deliver advertisements to individuals who have previously visited its Websites.
Where Third Parties embed content on DAFC’s Websites (e.g., social media features), those Third Parties may collect Customer Personal Data (e.g., cookie data) if the Customer chooses to interact with such content or use Third-Party services.
When you access the Rolex section on our website, you may be redirected to www.rolex.com. In such cases, the Privacy Policy and Cookie Policy of www.rolex.com will exclusively apply.

Article 13: CONTACT INFORMATION

If the Customer has any questions regarding this Policy or issues related to data subject rights or the processing of their Personal Data, they may contact DAFC through the following channels:

Address: DAFC – 3rd Floor, Centec Tower, 72–74 Nguyen Thi Minh Khai Street, Xuan Hoa Ward, Ho Chi Minh City, Vietnam

Email: nghia.nguyen@dafc.com.vn; phong.dang@dafc.com.vn

Phone: +84 28 3825 7537

Article 14: GENERAL PROVISIONS

This Policy takes effect from June 1, 2024.
The Customer understands and agrees that this Policy may be amended from time to time and updated through DAFC’s transaction channels. Any changes and their effective dates will be published on DAFC’s transaction channels. Continued use of DAFC’s services after the notification period for amendments constitutes the Customer’s acceptance of such changes.

The Customer acknowledges and agrees that this Policy also serves as the Personal Data Processing Notice as required under Decree No. 13/2023/NĐ-CP dated April 17, 2023, and may be amended from time to time. Accordingly, DAFC is not required to take any additional steps to notify the Customer of Personal Data Processing.

The Customer commits to strictly comply with this Policy. For matters not specified herein, both parties agree to follow applicable laws, guidance from competent authorities, and/or amendments to this Policy as notified by DAFC from time to time.

The Customer may encounter advertisements or other content on any Website, application, or device that may link to websites or services of partners, advertisers, sponsors, or other Third Parties. DAFC does not control the content or links appearing on Third-Party websites or services and assumes no responsibility or liability for activities conducted by such Third-Party websites or services linked to or from any DAFC Website, application, or device. These websites and services may be subject to their own privacy policies and terms of use.

This Policy is entered into in good faith between DAFC and the Customer. In the event of a dispute during implementation, the parties shall seek resolution through negotiation and mediation. If mediation fails, the dispute shall be submitted to the competent People’s Court for resolution in accordance with the law.

This Policy constitutes the entire understanding between the Customer and the Company regarding access to personal information and supersedes all prior agreements or understandings, whether written or oral. This Policy shall be binding and effective for the benefit of the parties and their respective successors and assigns.

The Customer has read, fully understood their rights and obligations, and agrees to all terms of this Policy.

ROLEX SECTION

While navigating on the Rolex section of our website, some cookies are controlled by ROLEX SA which applies the following Cookies Policy.

This Personal Data Collection and Processing Policy (“Policy“) is implemented by Duy Anh Fashion and Cosmetics Joint Stock Company; business registration certificate/tax identification number No. 0304130177; Head Office Address: 3rd Floor, Centec Building, 72 – 74 Nguyen Thi Minh Khai, Vo Thi Sau Ward, District 3, Ho Chi Minh City, Vietnam (“DAFC” or the “Company“), which describes the activities related to the Processing of Customer’s Personal Data.

This Policy is an integral part of the contracts, agreements, terms and conditions that bind the relationship between DAFC and the Client.

Article 1. SUBJECTS AND SCOPE OF APPLICATION

This Policy governs the manner in which DAFC processes the Personal Data of the Customer and/or the co-users of DAFC’s products/services with the Customer when using the products/services provided by DAFC and/or when interacting with the Website. For the avoidance of doubt, this Policy applies only to individual Customers. DAFC encourages Customers to read this Policy carefully and to regularly check DAFC’s Website for any changes that DAFC may make in accordance with the terms of the Policy.

 

Article 2. TERMINOLOGY EXPLANATION

2.1 “Customer”means an individual who approaches, learns, registers, purchases, uses products and services or is involved in the process of operating and providing products and services by DAFC.

2.2 “DAFC” or “the Company”means Duy Anh Fashion and Cosmetics Joint Stock Company, tax code/business registration certificate No. 0304130177, head office address: 3rd floor, Centec Building, 72 – 74 Nguyen Thi Minh Khai, Vo Thi Sau Ward, District 3, Ho Chi Minh City, Vietnam.

2.3 “Personal Data” or “Personal Data”means information in the form of symbols, letters, digits, images, sounds, or the like in the electronic environment that is associated with a specific person or helps to identify a specific person. Personal Data includes Basic Personal Data and Sensitive Personal Data.

2.4 Basic Personal Data includes:

2.4.1 Full name, middle name and birth name, other names (if any);

2.4.2 Date of birth; date of death or disappearance;

2.4.3 Gender;

2.4.4 Place of birth, place of birth registration, place of permanent residence, place of temporary residence, current place of residence, hometown, contact address;

2.4.5 Nationality;

2.4.6 Images of individuals;

2.4.7 Telephone number, identity card number, personal identification number, passport number, driver’s license number, license plate number, personal tax identification number, social insurance number, health insurance card number;

2.4.8 Marital status;

2.4.9 Information about family relationships (parents, children);

2.4.10 Information about the individual’s digital account; Personal Data reflecting activities and history of activities in cyberspace;

2.4.11 Other information that is associated with a specific person or helps identify a specific person is not subject to Sensitive Personal Data.

2.4.12 Other data in accordance with current laws.

2.5 Sensitive Personal Data is  Personal Data associated with the privacy of individuals which, when infringed, will directly affect the legitimate rights and interests of individuals, including:

2.5.1 Political views, religious views;

2.5.2 Health status and private life are recorded in medical records, excluding information about blood type;

2.5.3 Information related to racial origin, ethnic origin;

2.5.4 Information about an individual’s inherited or acquired genetic trait;

2.5.5 Information about physical attributes, unique biological characteristics of individuals;

2.5.6 Information about the individual’s sex life and sexual orientation;

2.5.7 Data on crimes and criminal acts collected and stored by law enforcement agencies;

2.5.8 Customer information of credit institutions, foreign bank branches, payment intermediary service providers, and other licensed organizations, including: customer identification information in accordance with law, information about accounts, information on deposits, information on deposited assets, etc  information about transactions, information about organizations and individuals that are guarantors at credit institutions, bank branches, payment intermediary service providers;

2.5.9 Data on an individual’s location determined through location services;

2.5.10 Other Personal Data is specified by law as specific and requires necessary security measures.

2.6 Personal Data Protection: is the prevention, detection, prevention, and handling of violations related to Personal Data in accordance with the law.

2.7 Processing of Personal Data: means one or more activities affecting Personal Data, such as: collection, recording, analysis, confirmation, storage, correction, disclosure, combination, access, retrieval, retrieval, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion,  destruction of Personal Data or other related actions.

2.8 Partners of the Company:are organizations and individuals that provide products, services and/or operate to DAFC through contracts, agreements or other forms of equivalent legal validity.

2.9 Third party: is an organization or individual other than DAFC and the Customer that has been explained under this Policy. For further clarification, any terms that have not been explained in this Article will be understood and applied in accordance with the applicable Vietnamese law.

2.10 DAFC transaction channels: including websites, retail channels at DAFC’s stores, electronic transaction channels and/or other transaction channels to provide products/services or to serve the needs of DAFC and customers.

Article 3. PURPOSES OF PROCESSING YOUR PERSONAL DATA

3.1 The Customer agrees to allow DAFC to Process the Customer’s Personal Data for one or more of the following purposes:

3.1.1 Providing products or services or assisting the Client in using the products/services of the Company and/or its Partners through a cooperation agreement requested by the Client;

3.1.2 Advising, evaluating, handling, responding or resolving the Client’s questions, requests, feedback, questions, instructions or complaints; as well as carrying out after-sales and customer care activities;

3.1.3 Adjust, update, secure and improve products, services, applications and equipment that DAFC is providing to Customers;

3.1.4 Verify the identity and ensure the confidentiality of the Client’s personal information;

3.1.5 To meet the service requirements and support needs of the Customer;

3.1.6 Notify customers of changes to policies and promotions of products and services that the Company is providing; exchanging information, including but not limited to promotional services, advertising and promotion programs related to products and services through forms such as phone calls, electronic means of contact such as email, fax, etc.

3.1.7 Measuring, analyzing internal data and other processing to improve and enhance the quality of the Company’s services/products or to carry out marketing communication activities;

3.1.8 Organize market research activities, public opinion polls to improve the quality of products/services or to research and develop new products and services to better meet the needs of customers;

3.1.9 Blocking and preventing fraud, identity theft and other illegal activities;

3.1.10 To have a basis for establishing, enforcing legal rights or defending legal claims of DAFC or the Client. These purposes may include exchanging data with other companies and organizations to prevent and detect fraud, reduce credit risk;

3.1.11 Compliance with applicable laws, relevant industry standards and other applicable policies of the Company;

3.1.12 Any other purpose specific to the Company’s operations;

3.1.13 Provide information to IPPG Group, its affiliates for the purposes set out above and provided that the recipient of the information will be bound by the same strict confidentiality terms as those contained herein;

3.1.14 Any other purpose notified by DAFC to the Client, at the time of collection of the Client’s Personal Data or prior to the commencement of the relevant processing or as otherwise required or permitted by applicable law;

3.1.15 Maintain, test and/or operate any systems or platforms necessary to provide any of the Company’s products and services; or in connection with the websites or mobile applications that will be provided by the Company to the Client;

3.1.16 Verify the Client’s identity to process orders when the Client places an order through the Company’s sales platforms such as the Company’s websites or mobile applications;

3.1.17 Marketing, promoting, improving, and enhancing the provision of products and services by the Company and optimizing the experience for Customers related to products and services through the collection and processing of Customer’s data;

3.1.18 To share with the Company’s organizations, affiliates and Partners, including those within the IPPG Group, to enable the Company’s organizations, affiliates and Partners to conduct market research, planning, customer surveys, trend analysis and/or other related forms of data analysis in order to better tailor the incentives, promotions and/or other direct marketing activities for the Company;

3.1.19 To provide additional services or value-added services;

3.1.20 To provide and administer loyalty benefits, rewards, promotions, contests, sweepstakes and other related benefits;

3.1.21 To inform the Client of new products and services offered or offered for sale by the Company or any of its organizations, affiliates and partners;

3.1.22 Any other purpose for which (i) is permitted or required by applicable law, trade rules, or market rules; (ii) is necessary, complementary or consequential to the purposes set forth above; or (iii) the Company deems it necessary to comply with applicable laws and regulations on the protection of personal data.

3.2 DAFC will request the Client’s permission before using the Client’s Personal Data for any purpose other than the purposes set out in Clause 3.1 above, at the time of collection of the Client’s Personal Data or before commencing the processing of the relevant Personal Data or as otherwise required or otherwise required by applicable law permit.

Article 4: CONFIDENTIALITY OF CUSTOMERS’ PERSONAL DATA

4.1 Privacy Guidelines:

4.1.1 The Client’s Personal Data is committed to confidentiality in accordance with the provisions of DAFC and the provisions of applicable laws. The processing of each Customer’s Personal Data shall only be carried out with the consent of the Customer, unless otherwise provided by law.

4.1.2 DAFC does not use, transfer, provide or share to any third party the Customer’s Personal Data without the Customer’s consent, unless otherwise provided by law.

4.1.3 DAFC will comply with other Personal Data security principles in accordance with applicable laws.

4.2 Consequences, unexpected damage may occur: DAFC uses various information security technologies to protect the Customer’s Personal Data from being retrieved, used or shared unintentionally. However, no data can be 100% secure. Therefore, DAFC is committed to providing the utmost security within the scope of the Client’s Personal Data. Some of the consequences and unexpected damages that may occur include but are not limited to:

4.2.1 Hardware and software errors in the process of data processing that cause loss of Customer’s data;

4.2.2 The security vulnerability is beyond the control of DAFC, the relevant system is attacked by hackers causing data disclosure;

4.2.3 The Customer discloses Personal Data due to: careless or fraudulent access to websites/downloading applications containing malware, etc.

4.3 DAFC recommends that the Customer keep confidential information related to the login password to the Customer’s account, OTP code and do not share this login password and OTP code with any other person.

4.4 Customers are advised to preserve electronic devices during use; Customers should lock, log out, or exit their account on DAFC’s website or App when not in use.

Article 5: TYPES OF PERSONAL DATA THAT DAFC PROCESSES

In order for DAFC to be able to provide products and services to the Customer and/or to process the Customer’s requests, DAFC may need and/or be required to collect Personal Data. Your Personal Data includes the information stated and listed below:

5.1 Basic Personal Data of the Client;

5.2 Data related to the Sites or applications: technical data (as stated above, including device type, operating system, browser type, browser settings, IP address, language settings, date and time of connection to the Site, application usage statistics,  app settings, date and time of connection to the app, location data and other technical communications); security login details; usage data;

5.3 Marketing data: concerns about advertising; cookie data; clickstream data; browsing history; reaction to direct marketing; and opt out of direct marketing.

Basic personal data (pursuant to Clause 3, Article 2 of the Government’s Decree No. 13/2023/ND-CP dated April 17, 2023 on personal data protection; included X in the prescribed data type)
Last name, middle name, and birth name

X

Nationality

X

Other names (if any) Images of individuals

X

Date of birth

X

Phone Number

X

Date, month, year of death or disappearance Identity card number

X

Gender

X

Personal Identification Number

X

Birthplace Passport number 
Place of birth registration Driver’s License Number 
Permanent Residence License plate number 
Temporary Shelter Personal tax identification number 
Current Residence

X

Social insurance number 
Hometown Health insurance card number 
Contact Us

X

Marital Status 
Information about family relationships (parents, children) Information about an individual’s digital account

X

Personal data reflects cyber activity

X

History of operations in cyberspace

X

Other information associated with a specific person or helping to identify a specific person not specified in Clause 4 of this Article   

Article 6: HOW PERSONAL DATA IS COLLECTED

DAFC collects Personal Data from Customers in the following ways:

6.1 Directly from the Client by various means:

6.1.1 When the Client submits a request to register or fill in any other form related to the products and services of DAFC, the Company’s Partners;

6.1.2 When you interact with the Company’s Customer service personnel, for example through phone calls, letters, face-to-face meetings, sending emails, or interacting on social media;

6.1.3 When you use certain DAFC services or from the means and tools that the Company participates in or accesses, such as websites and applications including the establishment of online accounts with DAFC; video footage of surveillance cameras (CCTV),

6.1.4 When the Customer is contacted and responds to DAFC’s marketing representatives and Customer service personnel;

6.1.5 When the Client submits his/her personal information to the Company for any other reason, including when the Client registers for a free trial of any of its products and services or when the Client expresses interest in any of the Company’s products and services.

6.1.6 When the Customer purchases or uses Third Party services through DAFC or at DAFC’s transaction points and business establishments;

6.1.7 The Company may collect Personal Data from other lawful sources.

6.2 From Third Parties:

6.2.1 If you interact with a Third Party’s content or advertisements on the Site or in an application, the Company may receive your personal information from the relevant Third Party, in accordance with the applicable privacy policy of that Third Party.

6.2.2 If you choose to make an electronic payment directly to DAFC or through the Website or application, DAFC may receive your Personal Data from Third Parties, such as payment service providers, for that payment purpose.

6.2.3 In order to comply with its obligations under applicable law, DAFC may receive Personal Data about Customers from competent authorities.

Article 7: ORGANIZATIONS SUBJECT TO PERSONAL DATA PROCESSING

7.1 DAFC will share or jointly process Personal Data with the following organizations and individuals:

7.1.1 TRANSPACIFIC IMPORT-EXPORT CO., LTD

7.1.2 Partners of the Company.

7.1.3 Branches, business units and employees working at DAFC’s branches, business units, and agents.

7.1.4 Commercial stores and retailers involved in the implementation of DAFC promotions.

7.1.5 DAFC’s professional advisors such as auditors, lawyers,… as prescribed by law.

7.1.6 Courts and competent state agencies in accordance with the provisions of law and/or when requested and permitted by law.

7.2 DAFC undertakes to share or co-process Personal Data only where it is necessary to fulfil the Processing Purposes set out in this Policy or in accordance with the law. Organizations and individuals that receive Customer’s Personal Data will have to comply with the content specified in this Policy and the relevant provisions of the law on Personal Data Protection.

7.3 While DAFC will make every effort to ensure that Customer information is anonymized/encrypted, it cannot completely exclude the risk that such data may be disclosed in force majeure circumstances in accordance with applicable law

7.4 In the event of the involvement of other entities set out in this Clause 7.1, the Client agrees that DAFC shall notify the Client prior to DAFC’s implementation.

Article 8: PROCESSING OF PERSONAL DATA IN SOME SPECIAL CASES

DAFC ensures that the Processing of Customer’s Personal Data fully meets the requirements of the law in the following special cases:

8.1 Surveillance camera (CCTV) footage, in specific cases, can also be used for the following purposes:

8.1.1 For quality assurance purposes;

8.1.2 For the purpose of public security and occupational safety;

8.1.3 To detect and prevent suspicious, inappropriate or unauthorized use of the Company’s utilities, products, services and/or facilities;

8.1.5 Detecting and preventing criminal acts; and/or conduct investigations into incidents.

8.2 DAFC always respects and protects children’s Personal Data. In addition to the Personal Data Protection measures required by law, before Processing Children’s Personal Data, the Company will verify the age of the child and require the consent of (i) the child and/or (ii) the child’s parent or guardian in accordance with the law.

8.3 In addition to complying with other relevant legal regulations, the Company shall obtain the consent of one of the relevant persons in accordance with the provisions of applicable laws for the Processing of Personal Data related to the Personal Data of a person who has been declared missing/deceased.

Article 9: RIGHTS AND OBLIGATIONS OF CLIENTS IN RELATION TO PERSONAL DATA PROVIDED TO DAFC

9.1 Client Rights:

9.1.1 Customers have the right to be informed about their Personal Data Processing activities, unless otherwise provided by law.

9.1.2 The Customer may or may not consent to the Processing of his/her Personal Data, unless otherwise provided by law.

9.1.3 Customers have access to view, correct or request correction of their Personal Data in writing to DAFC, unless otherwise provided by law.

9.1.4 The Client has the right to withdraw his/her consent in writing to DAFC, unless otherwise provided for by law. The withdrawal of consent does not affect the lawfulness of the data processing that was agreed to by the Client with DAFC prior to the withdrawal of consent.

9.1.5 The Customer has the right to delete or request the deletion of his/her Personal Data in writing to DAFC, unless otherwise provided by law.

9.1.6 The Customer has the right to request the restriction of the processing of his/her Personal Data in writing to DAFC, unless otherwise provided by law. The restriction of data processing will be implemented by DAFC for 72 hours after the Customer’s request, with all Personal Data requested by the Customer to be restricted, unless otherwise provided by law.

9.1.7 The Customer has the right to request DAFC to provide itself with his/her Personal Data in writing to DAFC, unless otherwise provided by law.

9.1.8 The Customer has the right to object to DAFC, the Entity Entitled to the Processing of Personal Data as set out in this Policy Processing its Personal Data in writing to the DAFC in order to prevent or restrict the disclosure of Personal Data or the use of Personal Data for advertising, marketing purposes,  unless otherwise provided for by law. DAFC will fulfill the Client’s request within 72 hours after receiving the request, unless otherwise provided by law.

9.1.9 Customers have the right to complain, denounce or initiate lawsuits in accordance with the law.

9.1.10 To the maximum extent permitted by applicable law, DAFC is exempt from liability and the Client undertakes to release DAFC’s liability for damages in relation to Personal Data in any event; except for the case where DAFC violates the regulations on protection of Customer’s Personal Data as prescribed in this Policy and the provisions of the law, then the Customer only has the right to claim compensation for damages in accordance with the provisions of law.

9.1.11 Customers have the right to self-protection in accordance with the provisions of the Civil Code, other relevant laws, or request competent agencies and organizations to implement methods of protecting civil rights.

9.1.12 The Client has the right to withdraw this consent in whole or in part at any time by a formal notice to the Company (in writing), in accordance with applicable data protection laws. Customer acknowledges that the withdrawal of this consent may limit Customer’s rights to certain services, benefits, and rights, as set forth in this Policy

9.1.13 Other rights as prescribed by current law.

9.2 Client’s Obligations

9.2.1 Comply with the provisions of laws, regulations, and guidelines of DAFC regarding the processing of Customer’s Personal Data.

9.2.2 Provide complete, truthful, and accurate Personal Data and other information as required by DAFC when registering and using DAFC’s services and when there is a change in this information. DAFC will conduct the confidentiality of the Customer’s Personal Data based on the Customer’s registered information, so if there is any false information, DAFC will not be responsible in case such information affects or restricts the interests of the Customer. In case of failure to notify, if risks or losses arise, the Customer shall be responsible for errors or acts of abuse or fraud when using the service due to his/her fault or due to failure to provide correct, complete, accurate and timely information changes; including financial losses and expenses incurred due to incorrect or inconsistent information provided.

9.2.3 Coordinate with DAFC, competent state authorities or Third Parties in case of problems that affect the security of the Client’s Personal Data.

9.2.4 Protect your Personal Data; proactively apply measures to protect their Personal Data in the process of using DAFC’s services; promptly notify DAFC when detecting any errors or mistakes in his/her Personal Data or suspecting that his/her Personal Data is being breached.

9.2.5 Take responsibility for the information, data, and approvals that they create and provide in the online environment; take responsibility in case Personal Data is leaked or infringed due to his/her fault.

9.2.6 Regularly update DAFC’s Regulations and Policies in each period notified to Customers or posted on DAFC’s websites and or other transaction channels from time to time. Take actions in accordance with DAFC’s instructions to clearly express your approval or disapproval of the purposes of processing Personal Data that DAFC discloses to the Customer from time to time.

9.2.7 Respect and Protect the Personal Data of Others.

9.2.8 Other responsibilities as prescribed by law.

Article 10: PROCESSING AND STORAGE PERIOD OF PERSONAL DATA

10.1 Personal Data Processing Period: starting from the time the Customer consents to the Company processing Personal Data or the use of the Company’s products and services until the Customer completely terminates the use of the Company’s products and services or the Personal Data is requested by the Customer to be canceled in accordance with Article 10.3 below.

10.2 Retention period of Personal Data: starting from the time the Customer consents to the Company processing Personal Data or the use of the Company’s products and services until the Customer completely terminates the use of the Company’s products and services or the Personal Data is requested by the Customer to be canceled in accordance with Article 10.3 below.

10.3 Cases in which you have the right to request DAFC to delete your Personal Data immediately:

10.3.1 Withdraw consent;

10.3.3 Realizing that it is no longer necessary for the purpose of collection, have consented and accepted the possible damages when requesting the deletion of data;

10.3.3 Object to the processing of the data and DAFC has no legitimate grounds for further processing;

10.3.4 Personal Data is processed incorrectly for the agreed purposes or the processing of Personal Data is in violation of the provisions of law;

10.3.5 Personal Data must be deleted in accordance with the law.

10.4 Cases in which DAFC is allowed to refuse to delete Personal Data even if the Client requests:

10.4.1 Deletion of data is prohibited by law;

10.4.2 Personal Data is processed by competent state agencies for the purpose of serving the activities of state agencies in accordance with law;

10.4.3 Personal Data has been made public in accordance with the provisions of law;

10.4.4 Personal Data is processed to serve legal requirements, scientific research and statistics in accordance with law;

10.4.5. In case of national defense and security emergencies, social order and safety, major disasters, dangerous epidemics; when there is a risk of threatening security and national defense but not to the extent of declaring a state of emergency; prevention and combat of riots, terrorism, crime and law violations;

10.4.6 Responding to an emergency situation that threatens the life, health or safety of the Customer or other individual.

10.5 Time to delete and cancel Personal Data: from the end of the Personal Data storage period or at the request of the Customer to 72 hours after the end of the Personal Data storage period or at the request of the Customer.

Article 11: METHOD OF DATA PROCESSING

DAFC applies one or more activities that affect Personal Data such as: data collection, recording, storage, retrieval, analysis, use, sharing, disclosure, deletion, encryption, decryption and automatic processing of Personal Data.

ARTICLE 12: COOKIES

12.1 When you use or access DAFC’s websites and online news sites (hereinafter collectively referred to as the “Website“), DAFC may place one or more cookies on your device.”A“cookie” is a small file placed on the Customer’s device when the Customer accesses a Web Site, which records information about the Customer’s device, browser and, in some cases, the Customer’s preferences and browsing habits. DAFC may use this information to identify you when you return to the DAFC Sites, to provide personalized services on the DAFC Sites, to compile analytics to better understand the operation of the Sites and to improve the DAFC Sites. Customers can use their browser settings to delete or block cookies on their devices. However, if you decide not to accept or block cookies from the DAFC Websites, you may not be able to take full advantage of all the features of the DAFC Websites.

12.2 DAFC may process your personal information through cookie technology, in accordance with the provisions of these Terms. DAFC may also use remarketing to serve ads to individuals that DAFC knows have previously visited its Site.

12.3 To the extent that Third Parties have assigned content on DAFC’s Sites (e.g., social media features), such Third Parties may collect your personal information (e.g., cookie data) if you choose to interact with such Third Party’s content or use the Third Party’s services.

Article 13: CONTACT INFORMATION FOR PROCESSING PERSONAL DATA

In the event that the Client has any questions regarding this Policy or matters relating to the rights of the data subject or the Processing of the Client’s Personal Data, the Client may use the following contact forms:

13.1 Send a letter to the Company at: DAFC – 3rd Floor, Centec Building, 72 – 74 Nguyen Thi Minh Khai, Vo Thi Sau Ward, District 3, Ho Chi Minh City, Vietnam

13.2 Send an email to the email box: nguyen@dafc.com.vn; phong.dang@dafc.com.vn

13.3 Phone: +8428 3825 7537

Article 14: GENERAL PROVISIONS

14.1 This policy is effective from 01/06/2024.

14.2 The Client understands and agrees that this Policy may be amended from time to time and updated through the DAFC Trading Channels. The changes and the effective date will be updated and announced in the DAFC Trading Channels. The Customer’s continued use of the service after the deadline for notifying the amended and supplemented contents in each period means that the Customer has accepted such amended and supplemented contents.

14.3 The Customer has clearly understood and agreed that this Policy is also the Notice of Personal Data Processing specified in Decree No. 13/2023/ND-CP, dated 17/04/2023and amended and supplemented from time to time. Accordingly, DAFC does not need to take any other measures for the purpose of notifying the Customer of the Processing of Personal Data.

14.4 The Customer commits to strictly implement the provisions of this Policy. For matters that have not been regulated, the Parties agree to comply with the provisions of law, the guidance of competent State agencies and/or amendments and supplements to this Policy shall be notified by DAFC to the Customer from time to time.

14.5 You may see advertisements or other content on any Site, application or device that may link to Sites or services of partners, advertisers, sponsors or other Third Parties. DAFC does not control the content or links appearing on the Sites or Third Party services and assumes no responsibility or liability for the activities used by the Sites or Third Party services linked to or from any of the Sites,  app or device. The Sites and these services may be subject to the Third Party’s own privacy policies and terms of use.

14.6 This Policy is entered into on the basis of good faith between DAFC and the Client. In the process of implementation, if a dispute arises, the Parties will actively settle it through negotiation and mediation. In case of unsuccessful mediation, the dispute will be brought to a competent People’s Court for settlement in accordance with law.

14.7 This Policy constitutes the entire understanding between the Client and the Company regarding access to personal information and supersedes all prior written or understood (if any), whether written or oral. This Policy shall be binding and effective for the benefit of the parties as well as their respective successors and assigns.

14.8 Customers have carefully read, understood their rights and obligations and agree to the entire content of this Policy./.

ROLEX SECTION

While navigating on the Rolex section of our website, some cookies are controlled by ROLEX SA which applies the following Cookies Policy.