A: NOTICE ON PROCESSING OF PERSONAL DATA OF CUSTOMERS
(Issued per Decision No. 001/NTI-HCM/XII/2023 dated 20 December 2023 of the General Director)
- GENERAL PROVISION
NITORI TRADING VIETNAM COMPANY LIMITED (hereinafter referred to as “NTI” or “we”) understands the importance and always respects the privacy of customers of NTI (“Customers”). NTI is committed to protecting Customer's personal data in accordance with Vietnamese laws as well as the strict requirements of NTI.
In compliance with Decree No. 13/2023/ND-CP of the Government on the Protection of Personal Data, effective from 01 July 2023, NTI would like to inform Customers of Customer's Privacy Policy ("Privacy Policy"). The purpose of this Privacy Policy is to outline how the Company protects the Customer's data in accordance with the Company's policies, the provisions of Vietnamese laws on the protection of personal data, and all applicable laws relating to privacy and personal data protection of Vietnam (“Privacy Laws”).
-
DEFINITION OF TERMS
- “Personal Data” refers to electronic information in the form of symbols, letters, numbers, images, sounds, or in a similar form in the electronic environment which is associated with an individual or used to identify an individual. Personal Data includes Basic Personal Data and Sensitive Personal Data.
- “Basic Personal Data” includes: a) Last name, middle name and first name as stated in the birth certificate, other names (if any); b) Date of birth; date of death or missing; c) Gender; d) Place of birth, place of birth registration; place of permanent residence; place of temporary residence; current place of residence; hometown; contact address; dd) Nationality; e) Personal image; g) Phone number; ID Card number, personal identification number, passport number, driver’s license number, license plate number, taxpayer identification number, social insurance number and health insurance card number; h) Marital status; i) Information about the individual’s family relationship (parents, children); k) Digital account information; personal data that reflects activities and activity history in cyberspace; l) Information associated with a specific individual or helping identify a specific individual other than Sensitive Personal Data.
- “Sensitive Personal Data” refers to personal data in association with an individual’s privacy which, when being infringed, shall cause a direct effect on the legitimate rights and interests of such individual, including: a) Political and religious views; b) Health status and privacy stated in medical records, excluding information on blood type; c) Information about racial or ethnic origin; d) Information related to an individual's inherited or acquired genetic characteristics; dd) Information about an individual’s physical attributes and biological characteristics; e) Information about an individual’s sex life or sexual orientation; g) Data on crimes and criminal acts collected and stored by law enforcement agencies; h) Information on clients of credit institutions, foreign bank branches, intermediary payment service providers and other licensed institutions, including: information on client identification as prescribed by law, information on accounts, information on deposits, information on deposited assets, information on transactions, information on organizations and individuals that are securing parties at credit institutions, bank branches, and intermediary payment service providers; i) Personal position identified via positioning services; k) Other personal data defined as specific by law that requires necessary protection measures.
- “Data Subject” refers to an individual identified by Personal Data.
- “Personal Data Processing” or “Data Processing” refers to one or multiple activities that impact on personal data, including collection, recording, analysis, certification, storage, rectification, publicizing, combination, access, retrieval, withdrawal, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, destruction of Personal Data or other relevant activities.
- “Company” or “NTI” refers to Nitori Trading Vietnam Company Limited, incorporated under Enterprise Registration Certificate No. 0313596856 issued for the first time on 31 December 2015 by the Department of Planning and Investment of Ho Chi Minh City, having its head office address at 194 Golden Building, 473 Dien Bien Phu, Ward 25, Binh Thanh District, Ho Chi Minh City, Vietnam.
- “Customer” means an individual who approaches, learns, registers, transacts, uses products and services of NTI, or is involved in the operation and provision of products and services of NTI.
- “Data Protection Officer (DPO)” means one or more individuals designated by the Company to ensure that the Company complies with Privacy Laws.
-
TYPES OF PERSONAL DATA COLLECTED AND METHOD OF COLLECTING PERSONAL DATA
- In order for NTI and/or a data processor authorized by NTI to provide products and services to Customers, and/or handle Customer's requests, NTI and/or the data processor may need to and/or be required to collect Personal Data, including: (i) Basic Personal Data and (ii) Sensitive Personal Data relating to Customers and individuals related to Customers.
Personal Data that may be collected and processed are the types of information listed below and are subject to change from time to time depending on the Data Subject's relationship with NTI:
- Last name, middle name and first name as stated in the birth certificate, other name (if any); Date of birth; Gender;
- Place of permanent residence, contact address; Nationality;
- Personal image; fingerprints; Phone number, ID card number/Citizen identity card number, passport number, email;
- Information of bank account;
- The information shown on ID card/Citizen identity card, passport;
- Photos and other visuals, security camera footage and other information obtained through electronic means such as card swipe data;
- Other additional information related to NTI's provision of products and services, such as information provided by Customers when Customers participate in surveys, activities on Social Network of NTI (in Blog, Facebook Fanpage, etc.).
- Information about usernames or any settings the user may have chosen, personal data reflecting activity, activity history when Customers use NTI’s website.
- NTI and/or a data processor authorized by NTI, may collect Data Subject's Personal Data from the following sources:
- through the transaction between the Customer and NTI, when the Customer provides information in the transaction records and documents, creates an account to use the service, when participating in surveys, promotions for customers;
- information obtained from any publicly available source, or regulatory authority;
- through video archives from security cameras at NTI's offices/customer service centers or video footage of events organized by NTI or a unit authorized by NTI;
- from third party sources with whom the Customer has consented that such third party may share/provide Customer's Personal Data, or sources where collection is required or permitted by law;
- information provided by the Customer via phone, email, correspondence between the Customer and NTI;
- when the Customer uses NTI’s websites, applications or social media platforms, NTI can collect Personal Data declared or made public by the NTI may also automatically collect Personal Data through the use of cookies, and other similar technologies whenever a Customer's web browser views our websites or materials provided by or on behalf of NTI on another website.
-
DATA PROCESSING
- Data Processing Purposes
NTI collects, processes and discloses Customer's Personal Data to the extent necessary for NTI business activities. In particular, the Customer agrees that Customer's Personal Data may be processed for one or more of the following purposes:
- To fulfill our contractual obligations and to provide an appropriate level of service to our customers
- to serve the conclusion and performance of contracts and agreements/commitments (if any), including providing Customer with order status; to provide products or services that the Customer has purchased; to provide technical advice such as how to use the product or technology; to process Customer’s payments, communicating and sending notices to the Customer, to answer Customer's questions or handle claims, and other activities related to conclusion and performance of contracts;
- To manage our daily business needs and events related to Customer’s participation in our promotional and product testing programs; to enable Customer to participate in one of our activities or events or to send Customer samples that Customer requests;
- To learn and assess consumer preferences, needs and demand changes, to improve our current products and services and/or develop new products and services;
- To facilitate/perform other activities per request to fulfill our contractual obligations and deliver appropriate levels of service to the Customer.
- To communicate with Customers:
- to verify the identity of individuals who contact us by telephone, electronic means or otherwise;
- to contact the Customer or communicate with the Customer by phone/voice call, text message and/or fax message, email and/or postal mail. The Customer acknowledges and agrees that such communications by us could be by way of the mailing of correspondence, documents or notices to the Customer, which may involve the disclosure of certain personal data about the Customer to bring about delivery of the same as well as on the external cover of the envelopes/mail packages;
- To carry out the Company's business and other related activities:
- to serve accounting and financial requirements. Accordingly, NTI collects, stores and uses Customer's data for internal business purposes, such as record filing and compliance with our legal and financial obligations. These data will be stored in accordance with applicable laws;
- To comply with NTI’s operational, audit, administrative, security, and risk management policies, procedures, and processes including, but not limited to, CCTV monitoring, daily activity logs, authentication of individuals, storage and backup of email communications;
- To facilitate business asset transactions (which can extend to any acquisition, merger or sale of assets) involving the Company and any NTI’s affiliates;
- Data archiving; storing, hosting, backing up (whether for disaster recovery (DR) or otherwise) of Customer's Personal Data;
- Internal and external publications;
- To protect and enforce the Company’s contractual and legal rights and obligations;
- To comply with legal and regulatory requirements:
- To comply with or as required by any applicable law, governmental or regulatory requirements of any jurisdiction applicable to NTI, including meeting the requirements to make disclosure under any law binding on NTI and/or for the purposes of any guidelines issued by a regulatory or other competent authorities (whether of Vietnam or a country other than Vietnam), with which we or NTI’s affiliates must comply;
- To comply with or as required by any request or direction of any governmental authority (whether of Vietnam or a country other than Vietnam) which we are expected to comply with; or to respond to requests for information from public agencies, ministries, statutory boards or other similar authorities. For the avoidance of doubt, this means that we may/will disclose the Customer's personal data to the aforementioned parties upon their request or direction.
- For direct marketing purposes:
Where the Customer agrees to allow NTI to process Personal Data for the purpose of implementing marketing programs, announcements and introduction of products and services of NTI and its partners, the Customer agrees that NTI and/or partners of NTI have the right to market, advertise and introduce products according to the content, form and frequency as follows:
- Content: Marketing and introducing advertising products of NTI and partners of NTI.
- Method: Via advertising messages, announcements on NTI’s website and applications or other methods as prescribed by law.
- Form: The Company may/will send the Customer via email, postal mail or other means of communication the marketing and promotional information and materials related to the products and/or services of NTI or a partner of NTI, whether such products or services are currently available or to be created in the future.
- Frequency: According to the law on advertising.
In addition to the above provisions, NTI is responsible for complying with the provisions of the law on advertising.
(the purposes set forth above shall be collectively referred to as the “Purposes”).
- Methods of Processing Personal Data
From time to time and depending on each of the above Purposes, NTI and/or the data processor authorized by NTI may perform one or more activities that impact on personal data, including collection, recording, analysis, certification, storage, rectification, publicizing, combination, access, retrieval, withdrawal, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, destruction of Personal Data or other relevant activities.
The Personal Data Processing activities may be performed by NTI in an automatic or non-automatic manner, by electronic means or by manual means or by any other means that NTI and/or the data processor authorized by NTI deem appropriate.
-
PARTIES INVOLVED IN THE PROCESSING OF PERSONAL DATA
- In order to carry out the purposes and personal data processing activities in accordance with this Privacy Policy, NTI may transfer and disclose Customer's personal data to the following parties:
- staff and employees of NTI;
- NTI’s affiliated companies;
- the professional advisors (such as auditors and attorneys) of the Company or any of NTI’s affiliated companies.
- individuals, authorities or regulatory bodies or third parties to whom NTI is permitted or required by law to disclose;
- service providers to NTI (such as telecommunications service provider, information technology service provider, data storage, receiving, and processing unit, order processing unit, shipping unit, postal and delivery service provider, website functionality unit, email and text message delivery and monitoring service provider, advertising, linking and related analytics service provider, customer support and call center service provider, distribution service provider of the Company or any of NTI’s affiliated companies) to which data sharing/disclosure is necessary for NTI to perform its obligations to the Customer;
- credit institutions, intermediary payment service providers;
- any business partner, investor, assignee or transferee (actual or potential) to facilitate business asset transactions (which may extend to any acquisition, merger, or sale of assets) involving the Company or any of its affiliates;
- any assignee or possible assignee of the rights and obligations of the Company or any of its affiliates;
- other parties agreed by the Customer or with whom NTI has a legal basis to share the Customer's personal data.
- When disclosing the Customer's personal data to third parties, the Company ensures that the third parties will secure the Customer's personal data from unauthorized access, collection, use, disclosure, processing of data information or similar risks and retain the Customer's personal data only for the period necessary to achieve the purposes mentioned above.
-
START TIME AND END TIME OF PERSONAL DATA PROCESSING
- Data processing’s start time:
NTI will start processing personal data from the time of receiving personal data.
- Data processing’s end time:
Until the completion of the Purposes for which the data was collected or until necessary to comply with statutory obligations and to resolve any dispute or until the information provided is requested to be deleted by the Data Subject.
-
DATA SUBJECT’S RIGHTS AND OBLIGATIONS
- Data Subject’s Rights
Under Privacy Laws, as a Data Subject, the Customer has the following rights:
- Right to be informed
The Customer has the right to be informed of the processing of the Customer’s Personal Data, unless otherwise provided by law. The Customer has the right to be informed about how we use the Customer's personal data and rights of the Customer in a manner that is clear, transparent and simple to understand. Therefore, we provide the Customer with the information contained in this Privacy Policy.
- Right to give consent
The Customer has the right to consent or not to consent to the processing of the Customer’s personal data, except as provided in Article 8 of this Privacy Policy.
- Right to access
The Customer has the right to access his/her personal data in order to view, modify, or request the modification of his/her personal data, unless otherwise provided by law.
- Right to withdraw consent
The data subject has the right to withdraw his/her consent, unless otherwise provided by law.
- Right to delete personal data
The Customer has the right to delete or request the deletion of his/her personal data, unless otherwise provided by law.
- Right to restrict the data processing
The Customer has the right to request the restriction of the processing of his/her personal data, unless otherwise provided by law;
We will implement data processing restriction within 72 hours upon receiving the Customer’s request, for all Personal Data that the Customer requests to restrict, unless otherwise provided by law.
- Right to obtain personal data
The Customer has the right to request us to provide him/her with his/her Personal Data, unless otherwise provided by law.
- Right to object to data processing
The Customer has the right to object to our processing of his/her Personal Data for the purpose of preventing or restricting the disclosure or use of personal data for advertising or marketing purposes, unless otherwise provided by law.
We will process Customer's request within 72 hours upon receiving the request, unless otherwise provided by law.
- Right to file complaints, denunciations and lawsuits
The Customer has the right to file complaints, denunciations and lawsuits as prescribed by law.
- Right to request compensation for damages
The Customer has the right to request compensation for damages as prescribed by law when there are violations of regulations on protection of his/her Personal Data, unless otherwise agreed by parties or otherwise prescribed by law
- Right to self-protection
The Customer has the right to self-protection according to regulations of the Civil Code, other relevant laws, Decree 13/2023/ND-CP, and other provisions of laws, or to request competent agencies and organizations to implement civil right protection methods.
To exercise these rights, the Customer should contact us at the details provided below. The Customer needs to provide proof of his/her identity and state the rights to be exercised for our support.
In the event that the Customer withdraws his/her consent, requests data deletion and/or exercises other relevant rights with respect to any or all of the Customer's personal data. The acts performed by the Customer in accordance with these regulations may affect NTI’s ability to continue to provide its products and services to the Customer, and NTI reserves all legal rights and remedies of NTI in such cases. Accordingly, NTI will not be held liable to Customer for any loss incurred and NTI’s legal rights will be expressly reserved with respect to limitation, restriction, suspension, cancelation, prevention of the processing of Customer's data.
- Data Subject’s Obligations
According to the Privacy Laws, as a Data Subject, the Customer has the following obligations:
- Protect his/her own personal data; request relevant organizations and individuals to protect his/her personal data;
- Respect and protect others’ personal data;
- Fully and accurately provide his/her personal data when he/she consents to the data processing;
- Participate in dissemination of personal data protection skills; and
- Comply with legal regulations on protection of personal data and participate in prevention of the violations against regulations on protection of personal data.
- PERSONAL DATA PROCESSING WITHOUT THE CONSENT OF DATA SUBJECT
Personal Data may be processed without the consent of the Customer – as a Data Subject – as required by law in the following cases:
- In urgent cases requiring immediate processing of relevant Personal Data to protect life and heath of the Customer or others.
- When Personal Data is required to be publicly disclosed in accordance with the law.
- When Personal Data is processed by competent state agencies in cases of urgent situations related to national defense, national security, social order and safety, major disasters, dangerous epidemics, or when there is a risk threatening security and national defense, but the situation has not reached the level of declaring a state of emergency; to prevent and combat riots and terrorism, to prevent and combat crimes and law violations as prescribed by the law.
- To perform the Customer's contractual obligations with relevant agencies, organizations and individuals in accordance with the law.
- To serve the activities of state agencies as prescribed by specialized laws.
-
PROTECTION OF PERSONAL DATA
- Understanding the importance of personal data protection, NTI will regularly review and update management and technical measures when processing Customer's personal data.
- To the best of our ability, access to Customer’s Personal Data is limited to those who need to know. Individuals with access to data are required to maintain the confidentiality of such information.
-
UNDESIRABLE CONSEQUENCES AND DAMAGE THAT MAY OCCUR
- Although NTI will do its best to protect Customer's Personal Data, the transmission and storage of information is, however, vulnerable to unauthorized third-party activity. Some undesirable consequences and damages may include, but are not limited to:
- Hardware and software failures in the data processing that cause data loss of service providers;
- Security hole beyond our control, system attacked by a third party causing data leakage;
- The service provider arbitrarily discloses personal data due to: carelessness or fraud; access to websites/download apps that contain malware…
- In the limited undesirable events, if an incident or violation is detected with respect to personal data, NTI will proceed to notify relevant parties of the incident/breach within a period as prescribed by law, and at the same time will make efforts to overcome and minimize the consequences and damage within NTI’s ability and in accordance with applicable laws.
- HOW TO CONTACT US
If the Customer wishes to exercise his/her rights, has any questions, complaints or grievances, or comments regarding this Privacy Policy and/or our processing of Customer’s personal data, please contact our Data Protection Officer at:
Address: NTI Trading Vietnam Company Limited, 194 Golden Building, 473 Dien Bien Phu, Ward 25, Binh Thanh District, Ho Chi Minh City, Vietnam
Attention: Data Protection Officer
Email: chau_bui@nitori.com.my
- AMENDMENTS AND SUPPLEMENTS TO POLICY
NTI reserves the right to modify this Privacy Policy from time to time if necessary. Notice of any amendment, update or adjustment will be updated, posted on the website of NTI: https://www.nitori.com.vn/pages/privacy-policy and/or sent to the Data Subject through other means of communication that NTI considers appropriate.
B. COOKIES POLICY
(Issued per Decision No. 001/NTI-HCM/XII/2023 dated 20 December 2023of the General Director)
- GENERAL PROVISION
When you visit our website, we are using “cookies” to facilitate your use of our website. Cookies are small units of data temporarily stored on the hard disk of your computer by your browser that are necessary for using our website. Cookies allow the website to store unique identifier (which is an anonymous number) in your browser while you are on the website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognizes that cookie. Cookies do lots of different and useful jobs to make the website work, or to work more efficiently, generally improving your online experience, and helping us to offer you the best product and services.
There are two broad categories of cookies:
First Party Cookies
First party cookies are set by the website you are visiting and they can only be read by that site.
Third Party Cookies
Third party cookies are set by other organizations that we use for different services. For example, we use external analytics services and these suppliers’ set cookies on our behalf in order to report what’s popular and what’s not. The website you are visiting may also contain content embedded from, for example, YouTube and these sites may set their own cookies.
Why should I allow cookies?
The information contained in cookies is used to improve services for you, for example:
- enabling a service to recognize your device whenever you visit our website so you don't have to give the same information several times during one task, e.g., filling out a web form or a web survey;
- Carry out research and statistical analysis to help improve our content, products and services and to help us better understand our visitor/customer requirements and interests to support the product finder;
- allowing the video player to function properly;
- measuring how many people are using services and detect their browser’s capabilities, so they can be made easier to use and there's enough capacity to ensure they are fast; analyzing anonymized data to help us understand how people interact with the different aspects of our online services so we can make them better.
What if I decline?
Please be aware that restricting cookies may impact on the functionality of our website. If you decide to block cookies, this may stop certain features of this Website working properly. This will restrict what you can do on our site.
- Searching for products
- Searching for crafting descriptions
- Watching Videos
- Like and share this page in social networks
If you use your browser settings to refuse or block cookies, you may not be able to access all or parts of our site, or may not be able to use the full functionality of our website.
Cookies used on this website
Our website uses four primary types of cookies:
- Strict necessary cookies:
These cookies are essential to the functioning of the website. Essential parts of the website cannot be used without them. Accordingly, these cookies are always activated. They are also used to access the mobile-optimized website display so that, for example, your data capacity is not used up unnecessarily.
- Functional cookies:
Functional cookies allow us to enhance your experience by enabling the website to store information such as the user’s name or any settings you may have selected and to offer the user improved and personalized functions based on this information. The information collected is only evaluated in aggregated form. Functional cookies are also used to activate the functions you desire, such as the playback of videos.
- Performance cookies:
These cookies collect data on user behaviour to measure the website’s performance. On this basis, the website is adjusted to the general user behaviour in terms of content and functionality. Performance cookies therefore enable to improve the performance of the website and to tailor the online experience to the needs of the users. In using performance cookies we do not store any personal data, and only use the information collected through these cookies in aggregated and anonymized form.
- Targeting cookies
Marketing cookies are used to track user activity and sessions so that we can provide more relevant content to the user and adapted to their interests. They are also employed in the assessment and management of campaign efficacy. You won't see or get less content as a result of withdrawing your consent to marketing cookies, though. Instead, it means that the information you see and receive is not personalized for you.
How to control or delete Cookies?
Most web browsers are initially configured to accept cookies automatically. You can modify your browser settings so that you are alerted before specific cookies are placed if you do not want our websites to place cookies on your device. Additionally, you may change your browser’s settings to only accept some of our cookies or to reject all cookies from third parties. By deleting the already-stored cookies, you can also withdraw your consent to their use.
You must make sure that each browser on each device is configured to match your cookie preferences if you access our website from several devices (such as your computer, smartphone, or tablet).
Third parties are responsible for the cookies they set on our site, and we do not have access to or control over cookies or other features these third parties may use. The information practices of these third parties are not covered by this Cookie Policy. To opt-out of third-parties collecting any data about your interaction on our website, please refer to their websites for further information.
Use the button below to switch between allowing or not allowing cookies set by this site.
The Cookie Policy cookie will remain as it is required to remember your choice.
Duration of Cookies
Each type of cookies has its own duration based on its function, generally as follows:
- Session Cookies. These cookies are temporary cookies that remain on your device until you leave our websites; or
- Persistent Cookies. These cookies remain on your device for much longer or until you manually delete them (how long the cookie remains on your device will depend on the duration or “lifetime” of the specific cookie, as well as your browser settings, as stated below).
Changes to this Cookie Policy
We may modify this Cookie Policy to reflect changes in our practices and services. Any changes to this Cookie Policy will be published on this page. When we post changes to this Cookie Policy, we will revise the “Last updated” date at the top of this Cookie Policy. This enables you to inform yourself at any time about the way we collect, use, and/or share information held in cookies. We recommend that you check this page from time to time to inform yourself of any changes in this Cookie Policy or any of our other policies.