PRIVACY POLICY

This Privacy Policy is implemented by Duy Anh Fashion and Cosmetics Joint Stock Company; business registration certificate/tax identification number 0304130177; head office address: 3rd floor, Centec Building, 72 – 74 Nguyen Thi Minh Khai, Vo Thi Sau Ward, District 3, Ho Chi Minh City (“DAFC” or the “Company“). DAFC is committed to protecting the privacy of customers’ information. Please read the “Privacy Policy” below to better understand our commitments to respect and protect the rights of visitors.

This Privacy Policy is an integral part of the contracts, agreements, terms and conditions that bind the relationship between DAFC and the Client.

The Privacy Policy applies to personal data processed or controlled by the Company, including but not limited to personal data of employees of DAFC, customers of DAFC or of other data subjects (“Clients“) on the Company’s websites,  related to the Company’s products and services and within the framework of the Company’s business activities and other activities in Vietnam.

This Privacy Policy is governed by and construed in accordance with the laws of Vietnam. The Company may amend this Privacy Policy from time to time to update the regulations in accordance with changes in the laws of Vietnam and/or with changes in the Company’s operations. Please visit the DAFC Trading Channel to view the latest version of this Privacy Policy.

Article 1: PURPOSE AND SCOPE OF COLLECTION

The personal data information that the Company collects as a data controller depends on the Customer’s use of certain services at DAFC, interaction with the Company’s systems and/or access and is subject to the requirements of applicable law. All information declared by the Customer must ensure accuracy and legality. DAFC is exempt from all liability related to the content of personal data declared by the Customer. We also collect information about the number of visits, including the number of pages you view, the number of links; Customer clicks and other information related to the connection to the DAFC site, information that the Web browser (Browser); The Customer uses DAFC every time it accesses, including: IP address, browser type, language used, time, addresses that the Browser retrieves to and through:

• Labor-related data: The Company collects information to perform employment contracts with its employees, including but not limited to name, home address, telephone number, nationality, photo, identification number, social insurance number, immigration status, etc.  information about gender, health, ethnicity, bank information, work experience, education, operational history, training history, accident history, sick leave information, health certificates, or other documents necessary to demonstrate special benefit status,  For example, information related to pregnancy and the age of the children. We may collect beneficiary data related to insurance or other benefits associated with employees, including emergency contact information, marital status, information about family members (e.g., name, date of birth, gender, and personal identification number) if necessary to provide benefits,  guarantee or support. Before the Client provides the Company with the personal data of another person, the Client must (i) notify that person of the personal data expected to be provided to the Company and the Company’s personal data processing activities and (ii) obtain consent from that person for the provision of such personal data.

The Company monitors the use of the Company’s systems, networks and equipment by its employees by:

• Monitor the websites employees visit;
• Retain and view electronic communication content and metadata;
• Manage email with software;
• Record network activity logs;
• Record the entry and exit of employees through the access control system;
• Test for banned substances if necessary for health and safety purposes;
• Phone Recording;
• Monitor phone usage; and
• Consider the location data collected when using tracking technology to protect the Company’s assets or vehicles.

Supervision can be carried out in an appropriate manner to ensure compliance with legal obligations.

• Buy Transaction. personal information and information related to the Customer’s purchase with DAFC, including payment information, invoicing information.
• Customer’s Communication with DAFC: When Customer requests information about the Company’s products and services, signs up for newsletters, requests customer support or technical support, or otherwise communicates with the Company, DAFC may collect Customer’s personal information,  for example, full name, email address, mailing address, and/or telephone number.
• Other Programs, and Events: DAFC may collect personal data from data subjects when DAFC participates, sponsors, or organizes programs and events
• DAFCcollects and uses Customer’s personal information for appropriate purposes and fully complies with the content of this Privacy Policy. When necessary, we can use this information to contact customers directly in the form of: sending open letters, orders, thank you letters, SMS, technical and security information, etc.
• DAFC uses  personal data for a variety of business purposes, including marketing and providing products and services, administrative purposes, and to comply with legal requirements, as described below.
• DAFC uses  the Customer’s information for the purposes of providing products and services: DAFC uses the Customer’s data to conduct transactions with the Customer and provide the Customer with products, services and support, including but not limited to:
  • Manage Customer’s information and orders;
  • To provide products and services;
  • Responding to customer support requests;
  • Contacting the Client about the Client’s orders, activities and policy changes; and
  • Payment support.
• DAFC uses  your information for the purposes of marketing and advertising our products and services: We may use personal information to provide You with content and advertisements for Our products and services. We may provide You with such content in accordance with applicable law. In addition, the Company uses the Customer’s information for the purposes set out in the applicable Personal Data Collection and Processing Policy issued by the Company from time to time.
• DAFC uses  your information for administrative purposes, including but not limited to:
• Detect security incidents, protect against illegal, fraudulent, fraudulent or harmful activities;
• Improve and upgrade the Company’s products and services;
• Develop new products and services;
• Ensure internal quality management and safety;
• Authenticate and confirm personal identity, including exercising the Client’s rights under this policy;
• Audits related to interactions, transactions, and other compliance activities;
• Sharing information with third parties as necessary to provide products and services;
• Implement DAFC’s policies and contracts; and
• Comply with DAFC’s legal obligations.
• Marketing and advertising of products and services: DAFC may use personal information to provide Customers with content and advertisements for DAFC’s products and services. DAFC may provide the Customer with such content in accordance with the provisions of applicable law.
• DAFC uses  Customer’s information for  human resource management purposes: The Company collects and processes Employees’ Personal Data for various purposes in accordance with Vietnamese law and collective labor agreements, including:

1.10.1 Recruitment, training, development, promotion, career and planning for the development of the successor team;

1.10.2 Evaluation in the process of recruitment and allocation of personnel;

1.10.3 Provide and manage income, salary, benefits and bonus programs and provide corresponding salary information;

1.10.4 Distribute and manage work and responsibilities in related business activities;

1.10.5 Identify and communicate effectively with other employees (including current, past and future employees, as the case may be) and manage such communications;

1.10.6 To manage and operate the assessment, allegations, complaints, investigations and procedures relating to conduct, performance, competence, absence and handling of complaints and other formal or informal personnel processes and to make relevant management decisions;

1.10.7 Consultation or negotiation with the trade union;

1.10.8 Conduct surveys to evaluate and identify better options for employment and employment relations (these surveys are usually anonymous but may contain profiling data such as age to support the analysis of the results);

1.10.9 Processing absence information or medical information related to health or physical or psychological conditions to assess eligibility for permanent or temporary disability benefits or benefits, determine whether it is suitable for work, support return to work,  make appropriate adjustments or arrangements in terms of duties or workplaces and make management decisions on labor or continuation of employment or transfer and implement related management processes;

1.10.10 Plan, manage and implement restructuring, redundancy or other change programs including consultation, selection and search for replacement personnel and make appropriate management decisions;

1.10.11 Operating e-mail, information technology, internet connection, intranet, social network, processes and policies related to human resources or other processes and policies of the company;

1.10.12 Comply with applicable laws and regulations (e.g. regulations on maternity leave, regulations on working hours, work safety and health, regulations on taxation, trade unions and other labor regulations and laws);

1.10.13 Plan, verify and execute a commercial transaction or transfer of services related to the Company that affects the Employee’s employment relationship with the Company (e.g. mergers and acquisitions);

1.10.14 Serving the preparation of reporting documents or operating business activities;

1.10.15 Where it is appropriate to publish public publications or internal publications;

1.10.16 Support for personnel management and the maintenance and implementation of records necessary for the management of labor relations and the performance of labor contracts;

1.10.17 To exercise the Company’s statutory rights and obligations, and for purposes related to any claim made by the Employee, against the Employee or related to the Employee;

1.10.18 To protect the Company’s trade secrets and other confidential information, and to prevent the occurrence of any offense or breach that may affect the Company’s business, and to carry out investigations into such matters;

1.10.19 To comply with lawful requests of relevant authorities, court orders, state regulations or other regulatory authorities (including but not limited to data, tax and personnel protection); and

1.10.20 Other purposes permitted by applicable law.

• The Customer understands that some of the above information may constitute sensitive personal data in accordance with the provisions of Vietnamese law. By agreeing to this Privacy Policy, the Client hereby agrees that the Company may process such data for the purposes set forth in this article.
• Types of personal data processed:

ARTICLE 2: HOW DO WE SHARE YOUR INFORMATION?

DAFC may disclose your information to third parties for business purposes, including the provision of the Company’s products and services, or in the case of a parent company or subsidiary of DAFC, or in the event of a transaction such as a merger,  purchase and sale of transfer of assets, as described below:

• DAFC may share your personal information with third party service providers, who will use such information to help DAFC (i) provide products and services or (ii) fulfill business needs, including information technology support service providers,  storage, payment processing, customer care, shipping, marketing, advertising, auditing and other related services;
• DAFC may access, retain and disclose any information that DAFC has about the Customer to third parties to: comply with legal requirements of law enforcement authorities; implementing policies and contracts; or assist in the investigation or prosecution of suspects or other related activities;
• In the event that the Company is involved in a merger, sale, financial due diligence, restructuring, bankruptcy proceedings, asset sale or similar processes, the Client’s information may be transferred as part of such transaction,  in accordance with the law and/or contract.

Article 3: RIGHTS OF CUSTOMERS

• In compliance with applicable laws and in relation to the personal data that DAFC processes and controls, the Customer has the following rights:
• The right to be informed about your processing activities and third parties to share your data;
• The right to access or be requested to view or correct the Client’s personal data;
• Right to withdraw consent to DAFC’s processing of your personal data. Please note that, if the Customer does not provide personal data to DAFC or withdraw consent to DAFC’s processing of the Customer’s personal data, DAFC may not be able to perform certain obligations to the Customer.
• Right to erasure: The Customer has the right to delete personal data or request that the Customer’s personal data be deleted. Please note that legal regulations may require DAFC to retain your personal data. If DAFC is unable to delete the Client’s personal data, DAFC will notify you in writing of the reasons, subject to legal restrictions;
• Right to object/restrict data processing activities.
• The right to request and receive a copy of the personal data that the Client has provided to DAFC;
• Other rights: Data subjects also have the right to claim compensation, the right to legal proceedings and/or the right to apply self-protection measures.
• If the Client wishes to exercise any of the rights, please contact DAFC using the information in the contact information section of Article 6. To the extent not restricted by relevant legal provisions, DAFC will comply with such requirements in accordance with applicable legal provisions.

Article 4: INFORMATION RETENTION PERIOD

• Unless permitted or otherwise required by Vietnamese law, the Company retains personal data only for as long as the retention is necessary for the purposes for which the personal data was collected (including, for the purpose of satisfying any legal obligation or requirement,  accounting, reporting, record-keeping or other obligations and requirements) and for the archiving of information technology data, if any.
• The Client, as a data subject (“Data Subject“) may request the Company to delete/cancel the Personal Data in the Company’s possession. However, the law may compel the Company to refuse the deletion of such Personal Data. In that case, the Company will notify the Data Subject in writing of the reason, complying with any restrictions under the law.

Article 5: PERSONAL DATA PRIVACY REGULATIONS

• The international and domestic card payment transaction policy ensures compliance with the security standards of Payment Partners including:
  • The Client’s financial information will be protected throughout the transaction process using the 256-bit SSL (Secure Sockets Layer) protocol.
  • One-time passwords (OTPs) are sent via SMS to ensure account access is authenticated.
  • Principles and regulations on information security in the banking and finance industry in accordance with current regulations of the State Bank of Vietnam in each period.
• The System’s payment transaction security policy applies to customers:
  • The Customer’s payment card information that can be used to establish a transaction is NOT stored on the System’s system. The Payment Partner will store and secure it in accordance with the international standard PCI DSS.
  • For domestic cards (internet banking), the system only stores the order code, transaction code and bank name. The System is committed to ensuring the strict implementation of the necessary security measures for all payment activities carried out on the System page.
• DAFC takes measures to ensure that your information is handled in a secure manner and in compliance with this Privacy Policy. DAFC also implements appropriate safeguards to protect the Client’s personal data and takes measures to require third party service providers and partners to have appropriate safeguards.
• The Customer’s information on the sales software system, online sales website (the “System“) of DAFC is committed to absolute confidentiality by DAFC in accordance with this Privacy Policy. The collection and use of information of each Customer shall only be carried out with the consent of such Customer, unless otherwise provided for by law.
• In case the System is attacked by hackers leading to the loss of the Customer’s personal data, DAFC will be responsible for notifying the case to the investigating authorities for timely handling and notifying the Customer.
• The card payment system is provided by payment gateway partners (“Payment Partners“) that have been legally licensed to operate in Vietnam. Accordingly, the card payment security standards at the System ensure compliance with industry security standards.

Article 6: CONTACT INFORMATION

If you have any questions about DAFC’s data processing practices or this Privacy Policy, or request to exercise your rights under this Privacy Policy, please contact DAFC at:

Duy Anh Fashion and Cosmetics Joint Stock Company

Business registration address: 3rd floor, Centec Building, 72 – 74 Nguyen Thi Minh Khai, Vo Thi Sau Ward, District 3, Ho Chi Minh City

Office Phone: +8428 3825 7537

Article 7: UPDATE NOTICE

This policy is effective from 01/06/2024. The Client understands and agrees that this Policy may be amended from time to time and publicly updated through DAFC’s Trading Channels. Please visit to view the most current version of this Privacy Policy./.