CUSTOMER PERSONAL DATA PROTECTION POLICY
I. TYPES OF DATA COLLECTED BY INSMART
In order for Insmart to process Customer requests and provide products and services to the Customer, as well as to comply with applicable legal regulations, Insmart may collect and/or process the following Basic personal data and Sensitive personal data of the Customer:
a. Surname, middle name, birth name, other names (if any)
b. Date of birth; day, month, year of death or disappearance
c. Sex
d. Place of birth, place of birth registration, permanent residence, temporary residence, current residence, hometown, contact address
e. Nationality
f. Images of individuals
g. Phone number, ID card number, personal identification number, passport number, driver’s license number, license plate number, personal tax code number, social insurance number, health insurance card number, insurance policy number
h. Marital status
i. Information about family relationships (parents, children)
j. Information about individual digital accounts; Personal data reflecting activities and history of activities in cyberspace
k. Other information that pertains to a particular person or helps identify a particular person
l. Political views, religious views
m. Health status and personal life are recorded in medical records, excluding information about blood type
n. Information related to racial origin and ethnic origin
o. Information about an individual’s inherited or acquired genetic characteristics
p. Information about physical attributes and biological characteristics of individuals
q. Data on crimes and criminal acts are collected and stored by law enforcement agencies.
r. Information is automatically collected when Customers use Insmart’s website, mobile applications and other communication means such as IP address information, cookies, device codes, etc
s. Data about an individual’s location is determined through location services. Insmart collects this Personal Data for a number of reasons including but not limited to: (a) For recording purposes; (b) Compliance with Applicable Laws and Regulations; (c) Compliance with internal regulations and policies; (d) Facilitate the management, support and development of legal products and services; (e) Support security, crime prevention and anti-fraud purposes; (f) Investigate or discover unauthorized, illegal or abusive use of Insmart services, systems or other materials; (g) Serving product features
t. Depending on the purpose of processing Personal Data, Insmart and the Data Processors it uses may apply appropriate processing practices including but not limited to Personal Data processing practices. automatic, non-automatic, other methods that ensure data protection requirements
II. PURPOSE OF INSMART PROCESSING AND USING CUSTOMERS’ PERSONAL DATA
Insmart and the data processors used by Insmart may process Personal Data for one or more of the purposes below:
2.1 To identify, verify and maintain accurate customer identification information; Search, verify and conduct inspection activities on anti-money laundering, insurance fraud and other inspections in accordance with the Law.
2.2 To evaluate, identify, appraise and approve the products and services that Insmart provides.
2.3 To fulfill contractual obligations with the Data Controller, Data Processor or Customer.
2.4 For Insmart to consider providing or continuing to provide any of Insmart’s products or services to customers.
2.5 To serve customer care services, resolve complaints and grievances.
2.6 To serve the purpose of contacting customers.
2.7 To better understand customers’ current and future needs.
2.8 To enter data, check the completeness and accuracy of data that customers provide to Insmart and/or enter into the system.
2.9 To improve, enhance, optimize, and personalize Insmart products and services.
2.10 To fulfill reporting, financial, accounting, tax and other legal obligations.
2.11 To serve Insmart’s internal operational requirements (including for risk management, system planning and development, or product, insurance, auditing and operations purposes).
2.12 To provide agencies and organizations providing credit rating and auditing services operating legally in Vietnam or providing to competent agencies according to the Law.
2.13 Other personal data related to the provision of Insmart products and services in accordance with relevant Laws.
2.14 To protect or enforce Insmart’s legal rights.
2.15 To ensure Insmart’s legitimate business purposes or to exercise or protect Insmart’s legal rights and in cases where Insmart deems necessary, including but not limited to exchanging information with suppliers. service providers and parties providing customer information to Insmart.
2.16 To create data, reports and statistics, feedback to Insmart or other relevant third parties of Insmart or competent authorities.
2.17 When the Customer withdraws his consent for any or all purposes, requests deletion of Data, requests restriction of data processing or objects to data processing, subject to the request of the Other compliance with these requirements may cause Insmart’s provision of products and services to be limited, restricted, suspended, canceled, prevented or prohibited, as the case may be. To clarify, Insmart may not provide customers with complete and quality products and services as usual or, at its discretion, may decide to discontinue or discontinue providing products or services. service. Insmart shall not be liable to the Customer for any loss arising and Insmart’s legal rights are expressly reserved to limit, restrict, suspend, cancel or prevent, or that prohibition.
III. SHARING CUSTOMER PERSONAL DATA
To provide products and services to the Customer, manage and operate those products and services, as well as to serve the purposes outlined above, Insmart may disclose the Customer’s personal data or the personal data of individuals related to the Customer to the following data processors:
3.1 Competent agencies request to provide information according to the provisions of law.
3.2 Units with credit rating and auditing functions; Rating organizations…
3.3 Any subsidiaries, affiliated companies, or companies belonging to the Insmart ecosystem as determined by Insmart.
3.4 Any court, tribunal or competent authority, whether governmental or non-governmental, has authority/is required to exercise responsibility from Insmart.
3.5 Any contractors, agents, service providers, consultants or affiliates of Insmart; Organizations that are sellers, suppliers, partners, and agents include but are not limited to companies that provide support services for Insmart’s business activities such as organizations that provide administrative services. administration, postal, data processing, information technology, customer search and verification, market research, data modeling, record keeping, data entry, messaging, sending email, consulting services, providing support services for business processes…
3.6 Provide to any person acting on behalf of the Customer (payee, beneficiary, person appointed as legal representative, bank…)
3.7 Other related matters that Insmart finds necessary to meet and protect the legitimate rights and interests of customers.
3.8 Client’s advisors include Client’s auditors, lawyers, and financial advisors.
3.9 Any person notified, authorized, or permitted by the Customer is allowed to provide information for the Service that the Customer is using.
3.10 The police or any public officer conducts an investigation in relation to any violation including suspected violations.
3.11 The provision of Data is done with the Customer’s consent or the disclosure is approved by the Customer when the Customer uses other Insmart products and services.
IV. HOW INSMART COLLECTS CUSTOMER INFORMATION
Insmart as a Personal Data Processor depends on each service and the Personal Data Processors used by Insmart may collect such data from a variety of sources, including but not limited to:
4.1 Through the relationship between Customer and Insmart, for example, information provided by Customer in registration forms, supporting documents, when Customer uses Insmart products or services, when participating in surveys and promotional programs.
4.2 Through verbal and written communication between the Customer and Insmart.
4.3 Through the relationship between Customer and Insmart, for example, information provided by Customer in registration forms, supporting documents, when Customer uses Insmart products or services, when participating in surveys and promotional programs.
4.4 From third parties having a relationship with the Customer, such as employers, account co-owners, guarantors, security providers, co-partners, co-managers and co-shareholders.
4.5 From any credit reporting provider, credit reference provider and Government agency or information obtained from any publicly available source, guide or registry any.
4.6 Through files created by the website that Customer visits (cookies) or similar monitoring devices/tools.
4.7 From medical facilities and medical examination and treatment facilities where the Customer has been or is being treated.
4.8 From third party sources, whose collection the Customer consents to, or sources whose collection is required or permitted by law.
V. TRANSFER OF DATA ACROSS BORDER
In order to carry out the purposes of processing Personal Data, Insmart may share and transfer Customer Personal Data to relevant third parties of Insmart and these third parties may be located in Vietnam or any other country. other place. When transferring Personal Data abroad, Insmart will require the receiving party to ensure the safety of the transferred Data. Insmart commits to fully comply with regulations and compliance requirements of Vietnamese Law to protect the safety of Customer Data.
VI. PROCESSING OF CHILDREN’S PERSONAL DATA
6.1 Processing of children’s personal data is always carried out in accordance with the principle of protecting the rights and in the best interests of children.
6.2 The processing of children’s personal data must have the child’s consent in the case of a child aged 7 years or older and the consent of a parent or guardian as prescribed, except in cases where prescribed in Article 7 of this Regulation. Insmart must verify the age of children before processing their personal data.
6.3 Stop processing children’s personal data, irreversibly delete or destroy children’s personal data in the event of:
– a. Processing data for purposes other than the purpose or for which the personal data processing purpose agreed to by the Data Subject has been completed, unless otherwise prescribed by law.
– b. The child’s father, mother or guardian withdraws consent to the processing of the child’s personal data, unless otherwise provided by law.
– c. At the request of a competent authority when there is sufficient evidence to prove that the processing of personal data affects the legitimate rights and interests of children, unless otherwise prescribed by law.
VII. PROCESSING OF PERSONAL DATA IN CASES WHEN THE CONSENT OF THE DATA SUBJECT IS NOT REQUIRED
7.1 In case of emergency, it is necessary to immediately process relevant personal data to protect the life and health of the Data Subject or other people. Insmart, Personal Data Processors, Third Parties bear the burden of proving this case.
7.2 Disclosure of personal data as prescribed by law.
7.3 Data processing by competent state agencies in the event of an emergency regarding national defense, national security, social order and safety, major disasters, and dangerous epidemics; when there is a threat to security and national defense but not to the extent of declaring a state of emergency; prevent and combat riots, terrorism, prevent and combat crimes and violations of the law according to the provisions of law.
7.4 To perform the Data Subject’s contractual obligations with relevant agencies, organizations and individuals according to the provisions of law.
7.5 Serving the activities of state agencies regulated by specialized laws.
VIII. STORAGE OF CUSTOMER INFORMATION
8.1 Depending on the specific activity, Data may be processed by Insmart after it is provided, collected and processed in accordance with the purpose until the Customer requests to delete the Personal Data. provide.
8.2 Data subjects may request Insmart to delete their personal data in the following cases:
– a. Realizing that it is no longer necessary for the purpose of collection, have agreed and accepted the damages that may occur when requesting data deletion.
– b. Objects to data processing and Insmart has no legitimate reason to continue processing.
– c. Withdraw consent.
– d. Personal data is not processed for the agreed purpose or the processing of personal data is in violation of the law.
– e. Personal data must be deleted in accordance with the law.
8.3 Data deletion will not apply upon request from the Data Subject in the following cases.
– a. The law does not allow data deletion.
– b. Personal data is processed by competent state agencies for the purpose of serving the activities of state agencies in accordance with – the law.
– c. Personal data has been made public in accordance with the law.
– d. Personal data is processed to serve legal requirements, scientific research, and statistics in accordance with the law.
– e. In case of emergency regarding national defense, national security, social order and safety, major disasters, dangerous epidemics; when there is a threat to security and national defense but not to the extent of declaring a state of emergency; preventing and combating riots, terrorism, preventing and combating crime and law violations.
– f. Respond to an emergency situation that threatens the life, health or safety of a Data Subject or another individual.
8.4 Data deletion is performed within 72 hours after the Data Subject’s request for all personal data collected by Insmart, unless otherwise prescribed by law.
IX. UNWANTED CONSEQUENCES AND DAMAGES MAY OCCUR
Personal data is an important information asset of Insmart, therefore we attach great importance to ensuring the security of data subjects’ Personal Data. We regularly review and implement and update our organizational, management and technical measures in the processing of Personal Data. In addition, we have internal policies and controls in place to ensure that Personal Data is not lost, accidentally destroyed, misused or disclosed and is not accessible to other than by our employees. us in carrying out their duties. Our staff are trained to handle Personal Data securely and with the utmost respect, otherwise they may be subject to equivalent disciplinary action. Although we make every effort to secure your Personal Data, the processing of Personal Data may pose a risk of data leakage from third parties such as hackers gaining unauthorized access to Personal Data. core. In the event of a data breach, we will comply with all reporting and remediation obligations under applicable law.
CONTACT INFORMATION
In case you have questions about the processing of your personal data, please contact the Personal Data Protection Committee of Insmart Joint Stock Company in one of the following ways:
– Address: 25th floor, Ngoc Khanh Plaza building, No. 1 Pham Huy Thong, Ngoc Khanh ward, Ba Dinh district, Hanoi
– Hotline: (+84) 24 73099990
– Email: pdpd@insmart.com.vn