logo
Home
/.../Personal Data Processing Policy

Personal Data Processing Policy

Personal Data Processing Policy - Posh Collection

POSH COLLECTION

PERSONAL DATA PROCESSING POLICY

CUSTOMER PERSONAL DATA PROTECTION POLICY

This Customer Personal Data Protection Policy ("Policy") is implemented by BMG Investment - Consulting Joint Stock Company ("BMG", "Company"), describing activities related to the processing of Customer personal data so that Customers can better understand the purposes, scope of information that the Company processes, measures applied to protect information and the rights of Customers regarding these activities.

This Policy is an inseparable part of contracts, agreements, terms and conditions binding the relationship between the Company and Customers.

Article 1. Subjects and scope of application

1.1. This Policy regulates how the Company processes personal data of Customers and persons related to Customers according to relationships required by law to process data or co-users of the Company's products/services with customers when using or interacting with the electronic information pages and/or products/services of Posh Collection.

1.2. To avoid confusion, this Policy only applies to individual Customers. The Company encourages Customers to read this Policy carefully and regularly check the electronic information pages to update any changes that the Company may make according to the terms of this Policy.

Article 2. Definitions

2.1. "Customer" means an individual who accesses, learns about, registers, uses or is related in the operation process, provision of products and services of Posh Collection.

2.2. "Company" means BMG Investment - Consulting Joint Stock Company, business registration number 0315084116, head office address: C7/16 Pham Hung, Binh Hung Commune, Ho Chi Minh City, Vietnam.

2.3. "Personal data" or "PD" means information in the form of symbols, writing, numbers, images, sounds or similar forms in electronic environment attached to a specific person or helps identify a specific person. Personal data includes basic personal data and sensitive personal data.

2.4. Basic personal data includes:

  • (a) Surname, middle name and birth name, other names (if any);
  • (b) Date, month, year of birth; date, month, year of death or missing;
  • (c) Gender;
  • (d) Place of birth, place of birth registration, permanent residence, temporary residence, current residence, hometown, contact address;
  • (e) Nationality;
  • (f) Image of the individual;
  • (g) Phone number, identity card number, personal identification number, passport number, driver's license number, vehicle license plate number, personal tax code, social insurance number, health insurance card number;
  • (h) Marital status;
  • (i) Information about family relationships (parents, children);
  • (j) Information about the individual's account number; personal data reflecting activities, activity history on cyberspace;
  • (k) Other information attached to a specific person or helps identify a specific person not belonging to sensitive personal data;
  • (l) Other data as prescribed by current law.

2.5. Sensitive personal data is personal data attached to an individual's privacy rights that when violated will directly affect the legitimate rights and interests of the individual including:

  • (a) Political views, religious views;
  • (b) Health status and private life recorded in medical records, excluding blood type information;
  • (c) Information related to racial origin, ethnic origin;
  • (d) Information about inherited or acquired genetic characteristics of the individual;
  • (e) Information about physical attributes, unique biological characteristics of the individual;
  • (f) Information about sexual life, sexual orientation of the individual;
  • (g) Data on crimes, criminal acts collected and stored by law enforcement agencies;
  • (h) Customer information of credit institutions, foreign bank branches, payment intermediary service providers, other permitted organizations, including: customer identification information as prescribed by law, account information, deposit information, asset deposit information, transaction information, information about organizations and individuals who are guarantors at credit institutions, bank branches, payment intermediary service providers;
  • (i) Data on the location of the individual determined through positioning services;
  • (j) Other personal data prescribed by law as specific and requiring necessary security measures.

2.6. Personal data protection: Activities to prevent, detect, stop, and handle violations related to personal data as prescribed by law.

2.7. Personal data processing: One or more activities affecting personal data, such as: collection, recording, analysis, confirmation, storage, editing, disclosure, combination, access, retrieval, recovery, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, destruction of personal data or other related actions.

2.8. Third party: Organizations and individuals other than the Company and Customers as explained in this Policy. For further clarification, any terms not explained in this Article will be understood and applied according to Vietnamese law.

2.9. Company transaction channels: Include electronic transaction channels (website https://www.google.com/search?q=poshcollection.com.vn; zalo; …) or other transaction channels to provide products/services or to serve the needs of the Company and customers.

Article 3. Purposes of processing Customer personal data

3.1. Customers agree to allow the Company to process customer personal data for one or more of the following purposes:

  • (a) Providing products or services or supporting customers to use the Company's products/services and/or the Company's Partners through cooperation agreements requested by Customers;
  • (b) Conducting activities to care for customers and implementing after-sales programs;
  • (c) Adjusting, updating, securing and improving products, services, applications, devices that the Company or subsidiaries (if any) are providing to Customers;
  • (d) Verifying identity and ensuring the security of Customer personal information;
  • (e) Meeting service requirements and Customer support needs;
  • (f) Notifying Customers about changes to policies, promotions of products and services that the Company is providing;
  • (g) Measuring, analyzing internal data and other processing to improve and enhance the quality of the Company's services/products or conducting marketing communication activities;
  • (h) Organizing market research activities, public opinion surveys to improve product/service quality or to research and develop new products and services to better meet customer needs;
  • (i) Preventing and combating fraud, identity theft and other illegal activities;
  • (j) To establish and exercise legal rights or protect legal claims of the Company, Customers or any individual. These purposes may include exchanging data with other companies and organizations to prevent and detect fraud, reduce credit risk;
  • (k) Complying with current law, relevant industry standards and other current policies of the Company;
  • (l) Any other purposes dedicated to the Company's operations;
  • (m) Providing information to affiliated companies, subsidiaries (if any) to achieve the above purposes and on condition that the information recipient will be bound by strict confidentiality terms similar to the terms in this document;
  • (n) Any other purposes that the Company notifies to Customers, at the time of collecting Customer personal data or before starting related processing or according to other requirements or permitted by current law.

3.2. The Company will request Customer permission before using Customer personal data for any purposes other than those stated in Article 3.1 above, at the time of collecting Customer personal data or before starting related processing or according to other requirements or permitted by current law.

Article 4. Security of Customer Personal Data

4.1. Security principles:

  • (a) Customer personal data is committed to be secured according to the Company's regulations and legal regulations. Processing of each Customer's Personal Data is only performed with Customer consent, except as otherwise provided by law.
  • (b) The Company does not use, transfer, provide or share Customer Personal Data with any third party without Customer consent, except as otherwise provided by law.
  • (c) The Company will comply with other personal data security principles as prescribed by current law.

4.2. Unintended consequences and damages that may occur: The Company uses various information security technologies to protect Customer Personal Data from being searched, used or shared unintentionally. However, no data can be 100% secure. Therefore, the Company commits to secure Customer Personal Data to the maximum extent possible. Some unintended consequences and damages that may occur include but are not limited to:

  • (a) Hardware and software errors during data processing causing Customer data loss;
  • (b) Security vulnerabilities beyond the Company's control, related systems being attacked by hackers causing data leakage;
  • (c) Customers themselves leaking personal data due to: carelessness or being deceived to access websites/download applications containing malicious software, etc....

4.3. The Company recommends that Customers secure information related to login passwords to Customer accounts, OTP codes and not share login passwords and OTP codes with anyone else.

4.4. Customers should secure electronic devices during use; Customers should lock, log out, or exit accounts on the Company's website when not in use.

Article 5. Types of personal data that the Company processes

For the Company to be able to provide products and services to Customers and/or process Customer requests, the Company may need to and/or be required to collect personal data, including:

  • (a) Basic personal data of Customers and related individuals of Customers;
  • (b) Sensitive personal data of Customers and related individuals of Customers;
  • (c) Data related to electronic information pages or applications: technical data (as mentioned above, including device type, operating system, browser type, browser settings, IP address, language settings, date and time of connection to electronic information pages, application usage statistics, application settings, date and time of connection to applications, location data and other technical contact information); secure login details; usage data;
  • (d) Marketing data: interests in advertising; cookie data; clickstream data; web browsing history; responses to direct marketing; and opt-out of direct marketing.

Article 6. Methods of collecting personal data

The Company collects personal data from Customers through the following methods:

6.1. Directly from Customers through various means:

  • (a) When Customers submit registration requests or fill in information in any other forms related to the Company's and the Company's partners' products and services;
  • (b) When Customers interact with the Company's customer service staff, for example through phone calls, letters, face-to-face meetings, emails or interactions on social networks;
  • (c) When Customers use some of the Company's services, for example websites (https://www.google.com/search?q=poshcollection.com.vn) and applications including setting up online accounts with the Company;
  • (d) When Customers are contacted and respond to the Company's marketing representatives and customer service staff;
  • (e) When Customers send their personal information to the Company for any other reason, including when Customers register to use free trials of any products and services or when Customers show interest in any of the Company's products and services;
  • (f) When Customers purchase or use third-party services (such as GHN, GHTK shipping services or VNPay payment) through the Company or at the Company's transaction points and business establishments.

6.2. From other third parties:

  • (a) If Customers interact with third-party content or advertisements on electronic information pages or in applications, the Company may receive Customer personal information from related third parties, according to that third party's current legal privacy policy;
  • (b) If Customers choose to pay electronically directly to the Company (through VNPay gateway) or through electronic information pages or applications, the Company may receive Customer personal data from third parties, such as payment service providers, for that payment purpose;
  • (c) To comply with its obligations under current law, the Company may receive personal data about Customers from law enforcement agencies and public authorities;
  • (d) The Company may receive personal data about Customers from public sources (such as phone directories, advertising information/flyers, information published on electronic information pages, etc.);
  • (e) Whenever collecting such personal data, the Company will ensure that data is received from related third parties in lawful ways, while requiring those third parties to be responsible for complying with legal regulations on personal data protection.

Article 7. Organizations processing personal data

7.1. BMG Investment - Consulting Joint Stock Company.

7.2. The Company will share or jointly process personal data with the following organizations and individuals:

  • (a) Affiliated companies, member companies under the Company's management system (if any).
  • (b) Member units that the Company directly or indirectly owns.
  • (c) Contractors, agents, partners, operating service providers of the Company (For example: shipping units such as GHN, GHTK; payment partners such as VNPay; partners providing website infrastructure, storage technology).
  • (d) Branches, business units and employees working at the Company's branches, business units, and agents.
  • (e) Telecommunications businesses when necessary for reconciliation or support of payment of fees related to customer services used.
  • (f) Commercial stores and retailers related to the implementation of the Company's promotional, gift or discount programs.
  • (g) The Company's professional advisors such as auditors, lawyers, etc. as prescribed by law.
  • (h) Courts, competent state agencies in accordance with legal regulations and/or when requested and permitted by law.

7.3. The Company commits that sharing or jointly processing personal data is only performed when necessary to achieve the Processing Purposes stated in this Policy or as prescribed by law. Organizations and individuals receiving Customer personal data must comply with the provisions in this Policy and legal regulations on personal data protection. Although the Company will make every effort to ensure that Customer information is anonymized/encrypted, it cannot completely exclude the risk that this data may be disclosed in force majeure cases.

7.4. In case there is participation of other personal data processing organizations stated in this Article, Customers agree that the Company will notify Customers before the Company implements.

Article 8. Processing personal data in some special cases

The Company ensures that processing of Customer personal data fully meets the requirements of the Law in the following special cases:

8.1. Surveillance camera footage (CCTV) at the Company's store system, in specific cases, may also be used for the following purposes:

  • (a) for quality assurance purposes;
  • (b) for public security and occupational safety purposes;
  • (c) detecting and preventing suspicious, inappropriate or unauthorized use of the Company's utilities, products, services and/or facilities;
  • (d) detecting and preventing criminal acts; and/or
  • (e) conducting incident investigations.

8.2. The Company always respects and protects children's personal data. In addition to personal data protection measures prescribed by law, before processing children's personal data, the Company will verify the age of children and require consent from (i) children and/or (ii) parents or guardians of children as prescribed by law.

8.3. In addition to complying with other relevant legal regulations, for processing personal data related to personal data of persons declared missing/deceased, the Company must obtain consent from one of the related persons as prescribed by current law.

Article 9. Rights and obligations of Customers regarding personal data provided to the Company

9.1. Customer rights:

  • (a) Customers have the right to know about the processing of their personal data, except as otherwise provided by law.
  • (b) Customers may agree or not agree to allow processing of their personal data, except as otherwise provided by law.
  • (c) Customers have the right to access to view, edit or request editing of their Personal Data in writing to the Company, except as otherwise provided by law.
  • (d) Customers have the right to withdraw their consent in writing to the Company, except as otherwise provided by law. Withdrawal of consent does not affect the legality of data processing that Customers have agreed with the Company before withdrawing consent.
  • (e) Customers have the right to delete or request deletion of their personal data in writing to the Company, except as otherwise provided by law.
  • (f) Customers have the right to request restriction of processing of their Personal Data in writing to the Company, except as otherwise provided by law. Data processing restriction will be implemented by the Company within 72 hours after Customer request, for all Personal Data that Customers request to restrict, except as otherwise provided by law.
  • (g) Customers have the right to request the Company to provide their Personal Data to themselves in writing to the Company, except as otherwise provided by law.
  • (h) Customers have the right to object to the Company, Personal Data Processing Organizations specified in this Policy processing their personal data in writing to the Company to prevent or limit disclosure of PD or use of PD for advertising and marketing purposes, except as otherwise provided by law. The Company will implement Customer requests within 72 hours after receiving the request, except as otherwise provided by law.
  • (i) Customers have the right to complain, denounce or sue as prescribed by law.
  • (j) Customers have the right to request compensation for actual damages as prescribed by law if the Company violates regulations on protection of their Personal Data, except as otherwise agreed by the parties or as otherwise provided by law.
  • (k) Customers have the right to self-protect as prescribed by the Civil Code, other relevant laws, or request competent agencies and organizations to implement methods of protecting civil rights as prescribed in Article 11 of the Civil Code.
  • (l) Other rights as prescribed by current law.

9.2. Customer obligations:

  • (a) Comply with legal regulations, Company regulations and guidelines related to processing Customer Personal Data.
  • (b) Provide fully, honestly, and accurately Personal Data and other information as required by the Company when registering and using the Company's services (such as when purchasing at Posh Collection) and when there are changes to this information. The Company will secure Customer Personal Data based on the information Customers have registered, so if there is any incorrect information, the Company will not be responsible in case that information affects or limits Customer rights. In case of non-notification, if risks or losses arise, Customers are responsible for errors or acts of abuse or fraud when using services due to their own fault or failure to provide correct, complete, accurate, and timely information changes; including financial damages and costs arising from incorrect or inconsistent information provided.
  • (c) Cooperate with the Company, competent state agencies or third parties in case of issues affecting the security of Customer Personal Data.
  • (d) Self-protect their personal data; actively apply measures to protect their Personal Data during use of the Company's services; promptly notify the Company when detecting errors or confusion about their Personal Data or suspecting that their Personal Data is being violated.
  • (e) Take responsibility for information, data, and consent that they create and provide in the network environment; take responsibility in case personal data is leaked or violated due to their own fault.
  • (f) Regularly update the Company's Regulations and Policies in each period notified to Customers or posted on the website https://www.google.com/search?q=poshcollection.com.vn and/or other transaction channels of the Company in each period. Perform actions according to the Company's instructions to clearly express consent or non-consent to Personal Data processing purposes that the Company notifies to Customers in each period.
  • (g) Respect and protect other people's personal data.
  • (h) Other responsibilities as prescribed by law.

Article 10. Data storage

The Company commits to only store Customer personal data in cases related to the purposes stated in this Policy. The Company may also need to store Customer personal data for a period of time to achieve the purposes stated in this policy and when current law requires.

Article 11. Data processing methods

The Company applies one or more activities affecting personal data such as: collection, recording, analysis, confirmation, storage, editing, disclosure, combination, access, retrieval, recovery, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, destruction of personal data or other related actions.

Article 12. Cookies

12.1. When Customers use or access the Company's websites and online information pages (hereinafter collectively referred to as "electronic information pages") (https://www.google.com/search?q=poshcollection.com.vn), the Company may place one or more cookies on Customer devices. "Cookie" is a small file placed on Customer devices when Customers access an electronic information page, recording information about Customer devices and browsers and in some cases, Customer preferences and electronic information browsing habits. The Company may use this information to recognize Customers when they return to the Company's electronic information pages, to provide personalized services, to compile analytical data to better understand the operation of electronic information pages and to improve service quality. Customers can use their browser settings to delete or block cookies on their devices. However, if Customers decide not to accept or block cookies from the Company's electronic information pages, Customers may not be able to take full advantage of all available features.

12.2. The Company may process Customer personal information through cookie technology, according to the provisions of this Article. The Company may also use remarketing measures to distribute advertisements to individuals that the Company knows have previously accessed its electronic information pages.

12.3. To the extent that third parties have assigned content to the Company's electronic information pages (for example: social media features such as Facebook, Instagram), those third parties may collect Customer personal information (for example: cookie data) if Customers choose to interact with that third party's content or use that third party's services.

Article 13: Processing personal data with foreign elements

To achieve the personal data processing purposes in this Policy, the Company may have to provide/share Customer personal data to the Company's related third parties and these third parties may be in Vietnam or any other location outside the territory of Vietnam.

13.1. When providing/sharing personal data abroad, the Company will require the recipient to ensure that Customer personal data transferred to them will be secure and safe. The Company ensures compliance with legal obligations and regulations related to transferring Customer personal data.

13.2. Customers in the European Union (EU): Customer personal data may be accessed, transferred and/or stored outside the European Economic Area (EEA), including countries that may have lower levels of data protection under EU data protection law, the Company must comply with specific rules when transferring Personal Data from inside the EEA to outside the EEA. In that case, the Company will use appropriate protective measures to protect all Personal Data transferred.

Article 14. Contact information for personal data processing

If Customers have any questions related to this Policy or issues related to data subject rights or processing of Customer personal data, Customers can use the following contact methods:

Send mail to the Company at: C7/16 Pham Hung, Binh Hung Commune, Ho Chi Minh City, Vietnam.

Send email to: poshcollection.cskh@gmail.com

Hotline: 0707055538

Article 15. General provisions

15.1. This Policy takes effect from December 10, 2024. Customers understand and agree that this Policy may be amended from time to time and notified to Customers through the Company's website https://www.google.com/search?q=poshcollection.com.vn before application. Changes and effective dates will be updated and publicly announced. Customers continuing to use services after the notification period means that Customers have accepted those amendments and supplements.

15.2. Customers have clearly known and agreed that this Policy is also the Personal Data Processing Notice specified in Article 13 of Decree 13/ND-CP/2023 and amended and supplemented from time to time before the Company conducts Personal Data Processing. Accordingly, the Company does not need to take any other measures for the purpose of notifying Personal Data Processing to Customers.

15.3. Customers commit to strictly implement the provisions in this Policy. Issues not yet regulated, the Parties agree to implement according to legal regulations, guidelines of competent State agencies and/or amendments and supplements to this Policy notified by the Company to customers from time to time.

15.4. Customers may see advertisements or other content on the Company's website linking to electronic information pages or services of partners, advertisers, sponsors or other third parties. The Company does not control the content or these links and is not legally responsible for activities used by those third parties.

15.5. This Policy is concluded on the basis of good faith between the Company and Customers. During implementation, if disputes arise, the Parties will actively resolve them through negotiation and mediation. In case mediation fails, disputes will be brought to competent People's Courts for resolution according to Vietnamese law.

15.6. Customers have carefully read, clearly understood the rights and obligations and agreed with all contents of this Personal Data Protection Policy.

15.7. When receiving requests to exercise Customer rights as prescribed, the Company will take necessary steps to confirm the identity of the requester before implementation. In case the Company performs deletion, destruction, or restriction of data use as requested, Customer rights related to services (such as points accumulation, warranty, order history) may be interrupted or terminated.

Contact
POSH COLLECTIONAddress: C7/16 Pham Hung Street, Binh Hung Commune, Ho Chi Minh City, VietnamHotline: 0707055538Email: poshcollection.cskh@gmail.comWebsite: poshcollection.com.vnDesiged by BMG companyBMG INVESTMENT - CONSULTING JOINT STOCK COMPANYBusiness registration number: 0315084116
Customer Service
Privacy PolicyPayment PolicyShipping PolicyProduct Exchange PolicyPurchase PolicyPersonal Data Processing PolicyTerms of Service
Connect
FacebookFacebookZaloZalo
DMCA.com Protection StatusNotified to Ministry of Industry and Trade ►
Posh Collection - Thời trang cao cấp