Security

GENERAL TERMS AND CONDITIONS ON PERSONAL DATA PROTECTION AND PROCESSING These General Terms and Conditions on personal data protection and processing (“General

Security

GENERAL TERMS AND CONDITIONS

ON PERSONAL DATA PROTECTION AND PROCESSING

These General Terms and Conditions on personal data protection and processing (“General Terms”) outline the procedures followed by SSI Securities Corporation in the collection, processing and protection of the personal data of Data Subjects.

Article 1. Definition of terms.

The definitions of the terms used in these General Terms are as follows (unless otherwise defined by law):

1. 1. “Personal data” refers to information presented in the form of symbols, letters, numbers, images, sounds or similar forms in the electronic environment, that is associated with an individual or aids in their identification.

Personal data includes basic personal data and sensitive personal data.

1.2. “Basic personal data” includes:
  1. Surname, middle name, birth name, other names (if any);
  2. Date of birth; date, month, year of death or disappearance;
  3. Gender;
  4. Place of birth, place of birth registration, permanent residence, temporary residence, current residence, hometown, contact address;
  5. Nationality;
  6. Images of individuals;
  7. Phone number, ID card number, personal identification number, passport number, driver's license number, license plate number, personal tax code number, social insurance number, health insurance card number;
  8. Marital status;
  9. Information about family relationships (parents, children);
  10. Information about individual digital accounts; Personal data reflecting activities and history of activities in cyberspace.
  11. Other information that pertains to a specific individual or helps identify a specific individual that does not fall under the category of sensitive personal data.
1.3. "Sensitive personal data" is personal data associated with an individual's privacy rights that any breach of this data can have a direct impact on the individual's lawful rights and interests, including:
a) Political views, religious views;
b) Health status and personal life are recorded in medical records, excluding information about blood type;
c) Information related to racial and ethnic origin;
d) Information about inherited or acquired genetic traits of the individual;
e) Information about physical attributes and biological characteristics of individual;
f) Information about individual's sex life and sexual orientation;
j) Data on crimes and offenses collected and stored by law enforcement agencies;
h) Customer information of credit institutions, foreign bank branches, intermediary payment service providers, other permitted organizations, including: customer identification information in accordance with the provisions of law, account information, deposit information, information about deposited assets, etc., information on transactions, information about organizations and individuals acting as guarantors at credit institutions, bank branches, intermediary payment service providers;
i) Data about the individual's location determined through location services;
j) Other personal data mandated by legislation is distinct and necessitates appropriate security measures.
 
1.4. “Personal data processing” refers to one or various activities involving personal information, such as: gathering, recording, analyzing, verifying, storing, rectifying, disclosing, merging, accessing, retrieving, recalling, encrypting, decrypting, duplicating, sharing, transmitting, providing, transferring, deleting, destroying personal data, or other relevant actions.
 
1.5. “Data subjects” refers to individuals whose personal data is reflected by the personal data shared with SSI, including but not limited to individuals who are customers of SSI; users on SSI's digital platforms, and individuals affiliated with organizations that have legal relationships to SSI; the individual is/belongs to the party providing products and services to SSI; collaborators, potential candidates, employees; SSI shareholders or any other individuals is affiliated with or arising from the utilization, provision of products, services, labor relationships, or other legal relationships with SSI.
 
1.6. “Customer” refers to individuals and organizations that access, acquire information about, register, use, establish relationships or are associated with the products and services provided by SSI.
 
1.7. "Personal Data Subject" refers to the Data Subject, an individual, or an organization acting on behalf of or obtaining the consent of the Data Subject to provide and consent to the processing of their personal data to SSI.
 
1.8. “Company” or “SSI” refers to SSI Securities Joint Stock Company, including the company's headquarters, branches, representative offices, and transaction offices (if any).
 
1.9 “Third party” refers to organizations and individuals that are not affiliated with SSI, Customers and Data Subjects.

To clarify, any terms not explained in the General Terms will be explained in accordance with Vietnamese law.

Article 2. General principles

2.1. SSI values and respects the right to privacy, confidentiality and security of personal data. Simultaneously, SSI consistently aims to safeguard Personal Data, the privacy of Data Subjects, and adhere to the law by implementing Personal Data protection protocols in order to fulfill and adhere to enacted regulations;
2.2. SSI collects and processes Personal Data solely in compliance with the law and within the parameters of the documents and agreements established between SSI and the Customer and/or relevant party(s);
2.3. Depending on SSI's role in each specific situation are (i) Personal Data Controller; (ii) Personal Data Processor; or (iii) The Controller and processor of personal data, SSI will adhere to the rights , responsibilities as well as principles for processing Personal Data in compliance with current laws;
2.4. All rights and obligations of SSI, Data Subject, Personal Data Provider in these General Terms will not be substituted, terminated, or altered, but will coexist as the rights and responsibilities of SSI, the Data Subject, and the Party providing the personal data in any document and nothing in these General Terms implies the limitation or removal of any existing rights or responsibilities of the parties, unless otherwise agreed in writing;
2.5. The Data Subject/Personal Data Provider acknowledges and agrees that the Personal Data (including Basic Personal Data and Sensitive Personal Data) supplied to SSI will not only be restricted to the extent of personal data to be supplied but also encompasses personal data previously supplied to SSI. The ongoing utilization of SSI's services and products by the Data Subject/Personal Data Provider, as well as the continuous upholding of transactions or agreements formed with SSI subsequent to the acceptance of these General Terms, signifies the explicit, voluntary, and affirmative agreement of the Data Subject/Personal Data Subject to SSI's processing of Personal Data (comprising Basic Personal Data and Sensitive Personal Data) throughout the reception and handling of such information, commencing from the moment SSI acquires the data until a termination request is made by the Data Subject/Data Subject or as mandated by law.
2.6. When disclosing Personal Data of a third party (including but not limited to Personal Data of the organization's transaction representative, dependents, legal relatives, guardians, friends, beneficiaries, authorized persons, partners, emergency contact person or other individual) to SSI, the Personal Data Subject affirms, guarantees, and takes responsibility for ensuring that they have provided adequate information and obtained the lawful consent of the Data Subject to collect and process their Personal Data in accordance with these General Terms. The Personal Data Provider acknowledges that SSI has no obligation to verify the legality and validity of the above consent and that the storage of supporting evidence is the responsibility of the Personal Data Provider. The Party providing personal data must provide evidence of the Data Subject's consent in the requested SSI field. SSI is absolved from liability and obligated to cover expenses for damages and associated costs in cases where the personal data provider does not adhere to the regulations outlined in this Section.

Article 3. Contents of personal data processing

3.1. Collection of personal data
3.1.1. To fulfill the purposes of Article 3.2 below, SSI needs and/or is required to gather Personal Data of Data Subject.
3.1.2. Methods and procedures of SSI in gathering Personal Data
SSI may directly or indirectly gather collect Personal Data from one or various sources as listed below, including but not limited to:
a) From direct meetings with the Party providing personal data: SSI gathers information through various means such as contacting, collaborating, offering/using services, and receiving information directly from the Personal Data Provider.
b) From exchanges and communications with the Personal Data Provider when the contact between the Personal Data Provider and SSI arises, such as via email, SSI's Call Center (Contact Center), electronic communications or any other method (including but not limited to surveys,  investigations conducted or  acquired by SSI);
c) From SSI's websites when the Personal Data Provider accesses and declares Personal Data;
d) From the mobile application when the Personal Data Provider downloads, uses or declares Personal Data on SSI's mobile application.
e) From interactions or automated data collection technologies: SSI may gather Personal Data of Data Subjects automatically recorded from connections of Personal Data Subjects or related parties such as cookies, plug-ins, third party social network connection sequences or any technology capable of tracking and collecting Personal Data on those devices or websites (such as facebook, tiktok, instagram...);
f) From competent state agencies such as the State Securities Commission, Vietnam Securities Depository and Clearing Corporation, Stock Exchanges or other competent authorities in Vietnam;
g) From publicly available sources such as phone books, advertising information/flyers, information publicly available online, etc.
h) From other sources where the Data Subject consents to the sharing/provision of Personal Data, or where collection is required or permitted by law.
 
3.2. Purposes of personal data processing
 
3.2.1. SSI may process Personal Data for one or more of the following purposes:
3.2.1.1.General purpose:
a) Review the accuracy and completeness of the Personal Data provided; verify or authenticate the identity of the Data Subject and carry out procedures for Data Subject authentication.
b) To establish the relationship between SSI and the Data Subject/Personal Data Provider/Relevant Third Party;
c) To fulfill other objectives associated with SSI's business operations that SSI considers suitable periodically.
d) To protect the lawful interests of SSI and adhere to relevant laws, including but not limited to the collection fees, charges and/or the retrieval of any debts, or proceeding with lawsuits, complaints or any agreement between the  Data Subject/Personal Data Subject and SSI;
e) To evaluate any proposals related to rights, benefits or obligations outlined in the document(s), agreement(s) between the Data Subject/Personal Data Provider and SSI;
f) Provide to service providers/partners of SSI to carry out transactions for Data Subjects/Personal Data Providers and/or SSI;
g) Prevent or minimize a threat to the life, health of others and the general public;
h) To evaluate risks, analyze trends, statistics, plan, including but not limited to statistical data processing analysis, transactions, credit and anti-money laundering, terrorist financing, weapons of mass destruction financing;
i) To identify, prevent and investigate crimes, assaults, or any breaches of the law (including fraud, bribery, corruption or tax evasion);
j)To carry out transactions such as transfer, disposition, business reorganization or purchase, sale or exchange of SSI's activities and assets;
k) To meet and adhere to SSI's internal policies, procedures and any rules, regulations, instructions, directives or requirements issued by competent state agencies in accordance with the law;
 
3.1.1.2. In addition to the General Purpose in Article 3.2.1.1 above, SSI can also process Personal Data for one or various purposes corresponding to each of the following subjects:
 
 A. For the Customer
a) Evaluate legal documents, financial capabilities and customer's circumstances for any operations, products and services offered or provided by SSI;
b) Providing operations, products, and services conducted by SSI (including but not limited to products that third parties cooperate with SSI to conduct in accordance with the provisions of law);
c) Promotion and information about products, services, promotional initiatives, research, surveys, news, updates, events, contests with prizes, relevant rewards, other relevant communication and introduction activities about SSI's services and products and other partners' services in cooperation with SSI;
d) Contact to exchange information, provide writings or other documents related to transactions and the utilization of SSI's products and services;
e) Notify information about obligations, rights, changes in features, improvements and enhancements of utilities and quality of products and services;
f) Prepare financial reports, activity reports or other relevant reports in accordance with the provisions of law;
g) Conduct market research, surveys and data analysis related to any products and services provided by SSI (whether performed by SSI or another third party with whom SSI cooperates) that may relate to Customers/Data Subjects.

B. For product and service providers, leasing partners, property leases, and cooperation with SSI

a) To engage in and execute the objectives as outlined in the pertinent documents and agreements.
b) Contact, exchange, and verify information during the execution of tasks/services between the Personal Data Provider and SSI.

C. For potential candidates, collaborators, and employees

a) Review conditions for candidates and collaborators; evaluate dossiers, documents, and financial papers for the purpose of appraising and evaluate the capacity of candidates and collaborators, register candidate and collaborator profiles, and serve the recruitment process and signing service contracts;
b) Sign and manage contracts, employment and services agreements with candidates, collaborators, and employees;
c) Train, test, evaluate work quality and compliance with obligations in contracts, agreements, and commitments with SSI;
d) Manage personnel records and carry out procedures in accordance with the law with functional agencies and competent agencies such as agencies of labor, insurance, tax, State Securities Commission, etc.;
e) Carry out essential activities and tasks from agreements and contracts signed with third parties depending on the purpose and needs arising at each time such as training services, health insurance, medical examination. medical treatment, transportation, tourism, event organization, etc.;
f) Carry out other purposes related to human resource development and management.
 
3.2.2. SSI will seek consent from Data Subjects prior to utilizing their Personal Data for any purposes not outlined in the General Terms.
  1. 3.Processing of Personal Data in certain special cases
3.3.1. SSI has the capability record, video and process Personal Data obtained from CCTV ("CCTV") in areas where CCTV is installed (including but not limited to office areas, corridor areas, exit areas, etc.) in accordance with SSI's operational security requirements and for the Customer in accordance with legal regulations law;
3.3.2. SSI always respects and protects children's Personal data. In addition to the Personal Data protection measures prescribed by law, prior to processing children's Personal Data, SSI will verify the child's age and request the consent of (i) the child and/or (ii) the child's father, mother or guardian as in accordance with the provisions of law;
3.3.3. In addition to complying with other relevant legal regulations, for the processing of Personal Data related to Personal Data of people declared missing/deceased, SSI will have to obtain consent of one of the relevant individuals in accordance with the provisions of applicable law.
 
3.4. Transfer and Disclosure of Personal Data
 
3.4.1. SSI will not sell, exchange, or rent (term or indefinitely) the Data Subject's personal information without the Data Subject's consent in accordance with the provisions of applicable law. However, in order to fulfil the purposes and activities of processing Personal Data in these General Terms, the Personal Data Subject understands and agrees that SSI may disclose Personal Data to one or more of the following parties:
a) SSI's subsidiaries, including but not limited to subsidiaries, subsidiaries, joint ventures, affiliates identified by SSI from time to time;
b) SSI's internal employees and departments for the purposes set out in these General Terms and documents and agreements entered into between Customer and SSI;
c) SSI's consultants, lawyers, advisors, accountants, auditors or clients;
d) The competent authorities in Vietnam or any individuals, regulator or third party to whom SSI is permitted or required to disclose under the laws of any country, or under any other documents or agreements between the third party and SSI;
e) Business partners, rewards providers, gift providers, co-branded parties, participants in or coordinating loyalty programs, advertisers, charities or not-for-profit organizations, any related organizations for operational purposes,  carry out the business of SSI, the operator of the system, application or equipment or provide Customer with any products or services selected by the Customer or for the purposes set out in these General Terms;;
f) Any person or entity involved in exercising or maintaining any rights or obligations under the Customer/Personal Data Supplier(s) agreement(s) with SSI;
g) Parents, spouses, children and heirs of the Data Subject in case the Data Subject has died or been declared missing;
h) Third parties to whom Customer consents or SSI have a legal basis for sharing Personal Data.
 
3.4.2. SSI considers Personal Data to be private and secure. Other than the parties stated above, SSI does not disclose Personal Data to any other party, except in the following cases:
a) The Data Subject's consent.
b) When SSI is required or permitted to disclose by law; or as decided by competent state agencies;
c) When SSI transfers rights and obligations under the agreement(s) between the parties concerned and SSI or performs in accordance with the law.
 
3.5. Overseas transfers of Personal Data
 
3.5.1. For the purposes of processing Personal Data in these General Terms, SSI may be required to provide/share Personal Data to relevant SSI third parties who may be located in Vietnam or anywhere else outside of Vietnam.
3.5.2. When providing/sharing Personal Data to foreign entities, SSI will mandate that the recipient guarantees the security and protection of the transferred Personal Data. SSI and recipient guarantee adherence to legal and regulatory requirements concerning the safeguarding of Personal Data.
 
3.6. Personal Data Processing methods
Depending on the purposes for which Personal Data is processed, SSI or SSI's data processors or third parties authorized to process SSI may adopt appropriate processing practices including but not limited to automated Personal Data processing, manual or other methods in accordance with the provisions of law and SSI from time to time.
 
3.7. Personal Data Processing Time
 Depending on the specific activity, Personal Data may be processed by SSI after it has been provided, gathered, and concluded upon the fulfillment of data processing in accordance with intended objective or until the Personal Data has been deleted in accordance with regulations (whichever comes later).
 
3.8. Other contents

Other contents related to the Processing of personal data not expressed in this General Terms shall apply in accordance with applicable legal documents.

Article 4. Rights and obligations of Data Subjects in relation to Personal Data provided to SSI

4.1. Data subjects have the following rights: (i) The right to know; (ii) The right to consent; (iii) The right of access; (iv) The right to withdraw consent; (v) The right to erasure; (vi) The right to restrict data processing; (vii) The right to data disclosure; (viii) The right to object to processing; (ix) The right to complain, denounce or initiate lawsuits; (x) The right to claim damages; (xi) The right to self-protection; and (xii) other relevant rights as provided by law. The specific content of the above-mentioned rights shall comply with the provisions of current law.
4.2. SSI, in reasonable endeavors, will honor a lawful and valid request from the Data Subject within the statutory time period after receipt of the complete, valid request and the relevant processing fee (if any) from the Data Subject, subject to SSI's right to invoke any regulatory exemptions and/or exceptions legislative.
4.3. In the event that the Data Subject withdraws his/her consent, requests deletion, restriction of data processing and/or exercises other relevant rights with respect to any or all of his Personal Data, and depending on the nature of the Data Subject's request,  SSI may consider and decide whether to discontinue transactions or discontinue to provide products and services related to the use of the Customer's Personal Data/Data Subjects due to the inability to ensure the standard/quality of the products,  services assessed by SSI or as required by law need to collect relevant Personal Data when providing products or services. Actions performed in accordance with this provision constitute unilateral termination of the transaction on the part of the Data Subject/Customer for any relationship with SSI and may result in a breach of obligations or commitments under the documents, agreement between the Data Subject/Customer and SSI. When this situation arises, SSI will notify the Data Subject/Customer of the termination of products and services and the Customer/Data Subject is solely responsible for any damages incurred in connection therewith.
Customer/Data Subject should be aware that, due to the peculiarities of SSI's operations, in cases where SSI is legally obligated to retain Personal Data in certain circumstances, SSI may be unable to fulfill the data deletion request of the relevant Data Subject if the deletion of the data results in a violation of the law;
4.4. For security purposes, the Data Subject may need to make their request in writing or use another method to prove and authenticate the identity of the Data Subject. SSI may require the Data Subject to verify their identity before processing the Data Subject's request;
4.5. Data subjects are responsible for protecting their own Personal Data, requesting other relevant organizations and individuals to protect their Personal Data. Simultaneously, the Data Subject shall respect and protect the Personal Data of others;
4.6. Data subjects fully and accurately provide Personal Data to SSI when entering into contracts or using services provided by SSI;
4.7. Data subjects implement and comply with the provisions of the law on personal data protection and participate in preventing and combating violations of regulations on personal data protection;
4.8. In the event of any change or adjustment of Personal Data, the Data Subject/Personal Data Provider and/or related parties are responsible for contacting and immediately notifying SSI so that SSI can promptly update such changes and adjustments. The data subject/Personal Data Provider and/or related parties shall bear full responsibility for the delay in this notification; at the same time, the delay in this notification will exempt SSI from all damages and risks incurred (if any);
4.9. The data subject updates the information posted on SSI's website at https://ssi.com.vn/bao-mat and complies with any changes (if any) to these General Terms;
4.10. The Data Subject shall promptly notify SSI if it detects or suspects that Personal Data has been exposed, which may result in risks in the use of products, services, or any breach of Personal Data protection under these General Terms that the Data Subject may be aware of;
4.11. The Data Subject understands and agrees that SSI reserves the right to refuse to comply with the Data Subject's requests in a number of circumstances, including but not limited to: (i) the Data Subject fails to comply with the order and procedures instructed by SSI; (ii) The data subject fails to provide or provides insufficient documents and documents to verify his/her identity; or (iii) where SSI assesses signs of fraud or violations of Personal Data protection; or (iv) the provisions of law do not permit the fulfillment of the Data Subject's request;
4.12. The Data Subject acknowledges that, by accepting these General Terms, the Data Subject has been notified by SSI, is aware of and agrees to all the contents to be notified before SSI processes the Personal Data, as detailed as set out in these General Terms. The Data Subject agrees that SSI does not need to give further notice before processing Personal Data.

Article 5. Risks of Personal Data Disclosure and Safeguards

5.1. The Data Subject agrees that the processing of Personal Data will always involve potential risks due to system failures, transmission lines, force majeure events, viruses, network attacks or hardware and software failures, actions and actions of the Customer/Data Subject or any other third party affecting the provision and processing of Data personal of the Data Subject… Risks that may arise such as the Personal Data being exposed or stolen by another party result in such Personal Data being used for undesirable purposes or beyond the control of SSI and the Data Subject causing both material and emotional losses.
5.2. SSI considers Personal Data as SSI's most important asset and SSI strives to ensure confidentiality, safety, legal compliance, and limit potential unwanted consequences and damages.
5.3. The responsibility for the security of Personal Data is a mandatory requirement SSI imposes on all employees. SSI carries out its responsibility to protect Personal Data in accordance with applicable laws with the best security practices as prescribed by law and regularly reviews and updates its management and technical measures when processing Personal Data (if any).

Article 6. Retention of Personal Data

6.1. Personal data stored by SSI will be kept confidential. SSI will take reasonable measures to protect Personal Data when stored at SSI.
6.2. SSI retains Personal Data for as long as necessary to fulfill the purposes for which the relevant parties have signed with SSI and in accordance with these General Terms, unless the retention period is longer if required or permitted by the relevant party(s) and applicable laws.

Article 7. Amendment and supplementation of General Terms

SSI may amend and supplement the contents of these General Terms from time to time and ensure that such amendments and supplements are in accordance with the relevant provisions of law. Notice of any amendments will be updated, posted on SSI's website at https://www.ssi.com.vn/en/security and/or notified to Data Subjects/Customers or related parties via such means of communication as SSI deems appropriate.

To the extent permitted by applicable laws, the continued use of SSI's services and products by the Customer or related parties; or continuing to maintain transactions or agreements with SSI means that the Data Subject/Customer/related parties agree to the amendments and supplements of these General Terms without any conditions.

Article 8. Contact information for processing Personal Data

For inquiries regarding SSI's processing of the Data Subject's Personal Data, please contact us using the information below:

  • For Customers: SSI Contact Center Call Center 1900545471 - line 9
  • For candidates, collaborators, employees: Human Resources Department of SSI
  • For other service providers and partners: according to the contact information in relevant documents and agreements.

Article 9. Consent Terms

9.1. When using any service, product or accessing any SSI website, application or device or connected to SSI, or establishing a transaction or authorizing SSI to process Personal Data (either directly or through a third party), the Data Subject/Customer is deemed to have accepted and without any conditions for the policies referred to in these General Terms and changes (if any) from time to time.
9.2. These General Terms are an integral part and should be read and understood in accordance with the contracts, agreements, offers, commitments, registration for products and services established between the Data Subject/Customer/Personal Data Provider and SSI. The General Terms shall prevail in the event of any conflict or inconsistency with the contracts, agreements, offers, undertakings, subscriptions for products or services governing the relationship of the Data Subject/Customer/Personal Data Provider with SSI, whether concluded before, on or after the date of the Data Subject/Customer/Personal Data Provider these General Terms.
SSI