Notice on personal data processing

1.1 "Personal data": is information in the form of symbols, letters, numbers, images, sounds or the like on an electronic medium that is associated with a particular person or helps to identify a person specific and specified in Section 2 of this Notice on personal data processing (hereinafter referred to as “Notice PDP”).

1.2 Products and services”: are (i) products and services provided by VIB; (ii) products and services provided by VIB's partners and distributed through VIB.

1.3 This Notice PDP regulates and governs VIB’s processing of “Personal data subject” as:

• Individual customers using products and services (hereinafter referred to as “Customers").
• Customer's related persons are required to collect by law (hereinafter referred to as “Related Person”).
• Other person according to VIB's regulations from time to time: guarantor is an individual; dependent, spouse, child, parent, sibling, grandparent, aunt/uncle, friend, beneficiary, reference, co-worker, legal heir, estate manager/user, legal representative, guardian, person living/residing at the same residence address, authorized person, contact person in case of emergency, user of the VIB Checkout e-banking application (VIB Checkout user) and/or other individual as required by law (collectively referred to in this document as “Third Parties”).
  By providing personal data of Related Person and/or a Third Parties to VIB, you assure and warrant that: (i) You have obtained the consent of Related Person and/or Third Parties for the processing of personal data according to the terms and conditions stated in this Notice PDP, (ii) You are fully responsible for VIB's processing of personal data of Related Person and Third Parties that you provide VIB.

1.4 In the scope of processing personal data according to this Notice PDP, VIB is the controller and/or the controller and processor of personal data.

1.5 Personal data processing is one or several activities affecting personal data, including but not limited to: collection, recording, analysis, confirmation, storage, editing, disclosure, combine, access, retrieve, encrypt, decrypt, copy, share, transmit, provide, transfer, delete, destroy personal data or other related actions.

2.1 Group 1 personal data:

Surname, middle name, birth name, other names (if any); Date of birth; date, month, year of death or disappearance and relevant paperwork information; Sex; Place of birth, place of birth registration, birth certificate information, permanent residence, temporary residence, current residence, hometown, contact address; Nationality; Individual's image, Voice information; Electronic data; Phone number, ID card information, citizen identification card, personal identification number notification, passport, Visa, residence card; Driver's license number, license plate number, personal tax code number, social insurance number, health insurance card number; Information about assets owned/used by Customers/Third Parties/Related Person; Marital status; Information about occupation, income, employment status (including but not limited to: occupation, agency, work address, position, work permit information, labor contract information, email, personal/business tax code, income level, salary payment method and other relevant information); Information about family relationships (spouses, parents, children); Information about individual digital accounts; Personal data reflecting activities and history of activities in cyberspace; Other information that pertains to you or helps identify you does not belong to Personal Data group 2 mentioned below.

2.2 Group 2 personal data:

Political views, religious views; Health status and personal life are recorded in medical records, excluding information about blood type; Information related to racial origin and ethnic origin; Information about an individual's inherited or acquired genetic characteristics; Information about physical attributes and biological characteristics of individuals; Data on crimes and criminal acts are collected and stored by law enforcement agencies; Dispute information related to Customer/Third Parties/Related Person and/or assets of Customer/Third Parties/Related Person; Customer information of credit institutions, foreign bank branches, payment intermediary service providers, and other authorized organizations, including: other information on customer identification according to the provisions of law, account information, deposit information, deposited asset information, transaction information, information about organizations and individuals that are guarantors at credit institutions, bank branches, organizations providing intermediary payment services; information about contracts concluded with partners through VIB; Data about an individual's location determined through device/system/location services and other related data sources; Other personal data is regulated by law as specific and requires necessary security measures.

2.3 Group 3 personal data:

Data created/extracted from or related to technical systems (including devices, applications, software, operating systems, browsers, IP addresses, other technical systems) such as: information language settings, date and time of connection to the website, application usage statistics, application installation, date and time of connection to the application; account name; password; secure login details; usage data; other related data and information.
Data generated/extracted regarding advertising interests; cookie data; clickstream data; browsing history; response to direct marketing; and opt out of direct marketing; other related data and information.

3.1 Handle customer requests when requesting to provide products and services:

• Identify/verify identity and background;
• Update personal information;
• Check and compare with relevant data sources;
• Enter data, check and control the completeness and accuracy of data entered into the system;
• Evaluate and appraise financial status;
• Measure, build and evaluate the reliability of credit reputation;
• Check, evaluate, appraise and approve customers' credit conditions;
• Serves the purpose of anti money laundering, combating terrorist financing, complying with embargoes or sending to competent authorities according to regulations from time to time;
• For FATCA (Foreign Account Tax Compliance Act) compliance purposes as agreed between the IRS and the Vietnamese government;
• On behalf of customers, check and compare with customer information, account information (excluding passwords) of customers at tax authorities, companies providing products and services that VIB deemed necessary to serve the assessment, appraisal, and authentication of Customer information so that VIB can provide products and services according to Customer's request;
• Authenticate customers/VIB Checkout users to be able to access digital/electronic accounts, to personalize the customer/VIB Checkout user's experience with products and services on VIB digital banking applications;
• Automatically register you in digital applications for you and/or VIB to manage your transaction information at VIB;
• Activate/open, manage, maintain, close/lock the service(s) and product/service utilities that customers use;
• Provide/send statements, messages/balance confirmations/bill, email, letters or other notifications (including but not limited to: updates on changes, including any amendments, supplement, expand, suspend and replace products, services and utilities (provided by VIB or through VIB) to customers or other related parties;
• Implement VIB's advertising, marketing, promotions, incentives, and customer service;
• Respond to customer inquiries and complaints and resolve disputes;
• Serves for the conclusion, implementation, and debt collection of credit grants;
• Serves for processing customer requests related to requests to provide products and services.

3.2. Use and analyze to develop, provide, and improve the quality of products and services including:

• Create data, reports and statistics, and provide feedback to VIB and/or to relevant parties mentioned in section 4 of this Notice PDP;
• Conduct market research, surveys and data analysis related to products, services and utilities provided by VIB and/or VIB in conjunction with other parties;
• Risk assessment, trend analysis, statistics, planning, including analysis and processing of credit and risk statistical data to create and maintain credit scoring and inspection systems credit history to evaluate/appraise and maintain personal credit history data;
• Collect and record customer reviews and feedback through surveys to improve service quality.

3.3. Response to request for supporting VIB to exercise rights and obligations in compliance to VIB's laws and regulations, including:

• Manage and record calls/videos and communications via digitalchannels with customers and other relevant parties;
• Manage benefits or entitlements related to VIB's relationship with customers or arising from customers' participation in advertising, marketing, promotional events/campaigns/programs, incentives and support from VIB or VIB in combination with other organnizations and individual;
• Manage VIB's infrastructure and business operations;
• Protect or enforce VIB's rights, including but not limited to: to collect fees and charges and to recover debt; Work with relevant authorities and individuals to collect debt;
• Meet or comply with VIB's internal policies;
• Meet or comply with procedures, legal documents, rules, regulations, instructions, official dispatches, directives or requests issued by any court or competent authority (in national or international) (including but not limited to disclosure of information to competent authorities or for any other purpose required or permitted by any law, regulation or guidance of any authority);
• Conduct sales, transfers, and transfers of VIB's business and/or assets;
• Conduct sales, transfer, transfer of rights, benefits or obligations according to the customer's contract(s)/agreement(s) with VIB (including but not limited to debt trading);
• For audit purposes;
• For the purpose of storing and looking up informations and data;
• Implement and comply with agreements and contracts between VIB and other parties;
• Provide to VIB service providers.

3.4 Carry out other activities related to VIB's development, improvement, provision, operation, processing and management of banking products and services.

3.5 Create credit information products using specialized software of Vietnam Credit Information Joint Stock Company (PCB).

3.6 Serving the implementation of VIB’s rights and obligations in accordance with the law, VIB’s regulations and other purposes that VIB considers necessary from time to time.

• Employees, collaborators, branches/units in VIB's system, subsidiaries/affiliated companies of VIB;
• Companies and/or organizations acting as sellers, suppliers, partners, agents, consultants, including but not limited to:
  • The Company provides services to help VIB authenticate customers, operate products, operate websites, applications or devices, and provide customers with products or services that they have purchased, select or to manage activities on behalf of VIB, including and not limited to marketing services, newsletter sending, market surveys, training services;
  • Partners and parties affiliated with VIB to jointly provide products and services to customers;
  • The company provides administrative, postal, telecommunications, data processing, information technology, payment, credit reference, custody, data entry, verification, record management, and support services, technology, information security, data center, consulting and/or other services related to, or to support VIB's operations;
  • The company provides payment services and services related to payment transactions via websites and applications;
  • The company provides debt collection services, limited services, and credit risk control;
  • Auditing company; Law consulting company;
  • Valuation company, price appraisal, price consulting;
  • Ranking organization.
• Authorities and individuals involved in debt collection;
• Third parties (specified in section 1.3 Notice PDP) that VIB believes needs to be contacted for the purpose of Customer's debt collection;
• Transaction parties/expected transaction of purchase, sale, assignment, transfer of business and/or assets of VIB;
• Transaction parties/expected transaction, transfer, transfer of rights, benefits or obligations under the customer's contract(s)/agreement with VIB;
• Insurance companies or insurance brokers or companies that provide credit protection directly or indirectly;
• Vietnam National Credit Information Center;
• Vietnam Credit Information Joint Stock Company (PCB), Business Registration Certificate No.: 0102547296, first registration date: November 27, 2007
  The content of credit information provided to PCB is the personal data stated in section 2 of Customers/Third Parties/Related Person at VIB; Providing credit information to PCB ensures compliance with the Government's regulations on providing credit information services and other related laws.
  In case PCB’s license of providing credit information services is revoked, VIB will stop proving the credit information Customer/Third Parties/Related Person to PCB and Customers agree that these credit information at PCB will be process according to the Government’s regulations on providing credit information services.
  VIB is responsible for notifying Customers about the processing of credit information of Customers/Third Parties/Related Person within a maximum period of 10 working days from the date VIB receives PCB's notice on the method credit information processing project;
• Any person, competent or management authority or other organizations and individual to whom VIB is authorized or required to disclose under the laws of any country, or under any other contract or commitment between other organizations, individual and VIB;
• Any organization or individual involved in the exercise or maintenance of any rights of VIB under the agreements between the Customer and VIB;
• Any organization or individual that intends to pay any outstanding amount of the Customer to VIB;
• Other organizations and individuals as prescribed by law;
• Any parties that VIB considers necessary for the purposes of processing personal data stated in Section3.

5.1 Collection methods:

• Directly from customers:
  • Information declared and provided by the Customer in writing, including but not limited to: Credit application, capitalplanning, other documents related to the implementation of the credit;
  • Through the relationship established between VIB and Customers when Customers register and use any product or service through any transaction channels of VIB/VIB authorized agent;
  • From VIB's websites: VIB may collect personal data when you access any VIB websites or use any features or resources available on or through via the website;
  • From VIB's applications for mobile devices: VIB may collect personal data when customers download or use VIB's applications for mobile devices;
  • From exchanges and communications between VIB and Customers: VIB may collect personal data during the exchange and communication process between VIB and Customers (face-to-face, via mail, phone, online, digitalcommunication or any contact methods) including surveys, promotional programs, and competitions organized by VIB in which you participate;
  • Through Customer’s non-cash transactions at affiliated VIB agents/acceptance points;
  • From interactions or automatic data collection technologies: VIB may collect information including IP address, referral URL, operating system, electronic news browser and any other information provided. Record automatically from connection:
    • Cookies, flash cookies, pixel tags, electronic beacons or other tracking technologies;
    • Orther organizations, individuals’s cookies, plug-ins or social network connectors;
    • Any technology capable of tracking individual activities on devices or electronic news sites;
    • Location information or other metadata provided by a device;
    • Other means: VIB may collect personal data when customers interact with VIB through any other methods.
• From other organizations, individuals:
  • From suppliers, service providers, partners, affiliates and organizations, individuals related to VIB's business activities;
  • From Related Person, Third parties, parties with relationship with customers including but not limited to employers, guarants and other organizations and individuals in accordance with the law;
• From state agencies, competent authorities in Vietnam and other sources permitted by law.

5.2 Collection methods: 
VIB can collect your personal data by the following methods: taking notes, recording verbal instructions or information given in person, by phone, email, text message or any other electronic methods; Extract instructions or information entered directly by the Customer on the system or on electronic media; video recording and other collection methods that VIB deploys from time to time.

• Customers have the following rights: to know, agree, access, withdraw consent, request data deletion, limit data processing, provide data, object to data processing, complain, denounce, sue, request compensation for damages, and the right to self-protection according to personal data protection laws.
• Customers have the following obligations: to protect their own personal data; request other relevant organizations and individuals to protect their personal data; Provide complete and accurate personal data when agreeing to allow VIB to process personal data; Implement legal regulations on personal data protection and other obligations as prescribed by law.
• Customers are responsible for regularly checking the Notice PDP on VIB's official website to update any changes.

• VIB will begin processing personal data of Customers/Third Parties/Related Person from the time personal data is collected by VIB and throughout the period necessary for the purposes of processing personal data, specified in this Notice PDP, as well as to implement agreements and contracts that VIB enters into with customers, unless a longer data processing time is required or permitted by applicable law.
• Data processing ends when VIB no longer stores any personal data of Customers/Third Parties/Related Person according to VIB's regulations and legal regulations.
• Personal data will be stored by VIB and appropriate measures will be applied for security. To the extent permitted by law, VIB may store personal data in Vietnam or abroad, including cloud storage solutions.

• When you want to access your/Third Parties/Related Person's personal data that VIB is processing, or when you believe that the personal data held by VIB is inaccurate, not incomplete, misleading or not up to date, Customers can send a written request to access, edit or update through VIB's branch/transaction office or through other channel(s) that VIB set up and notified to Customers from time to time.
• VIB, with reasonable efforts, will comply with requests to access or correct personal data upon receipt of a complete, valid request and related processing fee (if any) from the Customer.
• Please note that VIB may, at its discretion, allow corrections upon request and/or may require additional documentation of new data to avoid fraud and inaccuracy.
• VIB commits to processing personal data of Customers/Third Parties/Related Person based on Customer's consent according to this Notice PDP, unless otherwise prescribed by law. During the data processing process, VIB always tries to ensure security barriers and apply the most optimal information security measures, however, the processing of personal data may pose risks of data leakage or inappropriate data processing. Therefore, within optimal scope and capabilities, VIB will regularly review and update management and technical measures when processing of personal data of Customers/Third Parties/Related Person.
• In case Customers notice a violation in the processing of personal data of Customers/Third Parties/Related Person, customers have the right to send a written request to VIB for processing support in the ability to prevent or limit disclosure of personal data by VIB of Customers/Third Parties/Related Person, unless otherwise prescribed by law.
• In order to meet the legal rights and obligations of Customers, the rights and responsibilities of VIB, the implementation of rights and obligations in this section will be carried out by VIB when there is sufficient basis to verify the Customer/person authorized by the Customer, the validity and legality of relevant documents and ensuring compliance with the law on data protection and other relevant regulations.
• Customers can submit a written withdrawal of their consent to any or all of the contents stated in this Notice PDP through VIB's branch/transaction(s) office or through other channel(s) that VIB may establish and notify to Customers from time to time. If you withdraw your consent to data processing according to this Notice PDP, VIB has the right to no longer provide products and services to you. Withdrawal of this consent will be considered as the customer’s unilateral termination of any contract that the Customer has signed with VIB, unilateral termination by the Customer of any commitment or obligation that VIB has established with the Customer and is considered a breach of contractual obligations/commitments between you and VIB, and we expressly reserve our legal rights and remedies in such cases. VIB will not be responsible for any costs, damages, or losses arising to Customers/Third Parties/Related Contractors due to this termination.
• Do not depend on and affect the above, Customers agree and acknowledge that any withdrawal of your consent to the processing of data under this Notice PDP will not affect the previous processing of personal data of previous Customers/Third Parties/Related Person according to the customer’s consent with VIB.
• This Notice PDP includes a Vietnamese version and an English version. In case of any difference or inconsistency between the Vietnamese version and the English version, the Vietnamese version shall prevail.

In case you have any questions related to the terms and conditions in this Notice PDP, please respond to VIB's 24/7 Call Center via email: dvkh247@vib.com.vn