NOTICE ON PERSONAL DATA PROCESSING

1.     This Notice on Personal Data Processing (“Notice”) outlines the terms and conditions for us, Aspire Joint Stock Company, having the enterprise registration number 0315343709 (the “Company”) to process and implement the protection to your (“Data Subject”) personal data. For the purpose of this Notice,

1. “Personal Data” means any information that is expressed in the form of symbol, text, digit, image, sound or in similar forms in electronic environment that is associated with a particular natural person or helps identify a particular natural person. For the purposes as stated in Section 3 of this Notice and in compliance with relevant provisions governing the operation of the Company, the Company may process the following Personal Data:

Ø  Basic Personal Data:

(i)          Family name, middle name and first name as stated in the birth certificate, and other names (if any); Date of birth; Gender; Place of birth, place of birth registration, place of permanent residence, place of temporary residence, place of current residence, hometown, contact address; Nationality;

(ii)         Personal image (including but not limited to images, statements in the programs, events, and festivals organized by the Company);

(iii)       Phone number, people’s identity card number, personal identification number, passport number, driver’s license number, license plate number, personal tax identification number, social insurance number, health insurance card number;

(iv)       Information on personal digital accounts; personal data that reflects activities or history of activities in cyberspace;

(v)        Other information associated with a specific person or helping identify a specific person;

(vi)       Information automatically collected when Data Subject uses the Company’s website, and other communication means such as IP address, cookie(s), device serial number, etc. and accessed information sources.

Ø  Sensitive Personal Data: Other information related to the operation, provision and evaluation of the Company’s activities, products and services in accordance with the provisions of the Vietnamese laws.

2. “processing”, “processed” or “process” in any forms when being mentioned shall refer to one or more operations that affect personal data, such as: obtaining, recording, analysis, confirmation, storage, alteration, publicity, combination, access, retrieval, recovery, encryption, decryption, duplication, sharing, transmission, provision, transfer, deletion, destruction of personal data or other relevant operations.

2.     The Company are committed to complying with Decree No. 13/2023/ND-CP dated April 17, 2023, as amended, replaced from time to time, on the protection of personal data and all relevant regulations regarding personal data (“Decree 13”).

3.     You hereby authorize us to collect, store, process, and use the personal data that you provide for each or all of the following purposes (“Purposes”):

1. Providing services: To respond to inquiries, process bookings, and provide ongoing customer support;
2. Conducting marketing and advertising campaigns: To run advertisements on platforms like Facebook and other social media, personalized based on your interests and interactions. Ads may be targeted based on demographic data and usage data collected through cookies and tracking technologies;
3. Improving services: To analyze user behavior and preferences to enhance our website, services, and customer experience;
4. Operating, managing, and developing our business and services;
5. Posting on the Company’s website or social media channels such as Facebook, Instagram, Zalo, and other social networking platforms and using in the Company’s online and print advertising campaigns;
6. Complying with legal regulations or requests from competent government authorities.

4.     Consents by Data Subject

1. By using the products and services provided by the Company, contacting or interacting with the Company, entering into contracts/agreements with and/or permitting the Company to process Personal Data, the Data Subject has agreed without any conditions the entirety of this Notice and its amendments (if any) from time to time.
2. For any Personal Data provided to us, including the Personal Data of a third party, you hereby confirm, guarantee and take responsibility that you have

(i)          obtained the legitimate authorization from such data subjects to use and transfer such personal data, and ensure that the data subjects have been duly informed of our use of their personal data; and

(ii)         obtained consent/ approval from the said data subjects for the Company to process Personal Data for the Purposes as mentioned in this Notice.

3. The Data Subject acknowledges and agrees that the Company shall not be responsible for assessing the lawfulness and validity of the said consent/ approval and the burden of proof shall be bound to the Data Subject. The Company shall be exempt from all liabilities and be entitled to claim compensation for damages and expenses arising from the failure of the Data Subject to comply with the provisions of this Section.

5.     Entities processing Personal Data; Methods and Term of processing Personal Data

1. The Company may transfer the personal data provided to our affiliated companies, investors, shareholders, subsidiaries, subcontractors, and service providers (which may be located in other territories, in this case, the Company commits to comply with the regulations on cross-border transfer of personal data) for the Purposes outlined in Section 3. The Company only transfers personal data when there is a legal basis and with appropriate data protection measures in place through contracts with data processors.
2. Depending on the purpose of processing Personal Data, the Company or data processor(s) of the Company or third party(ies) authorized by the Company to process data may apply appropriate processing methods including without limitation automatic, manual or other methods of processing Personal Data in accordance with the provisions of laws and the Company’s policies from time to time.
3. Depending on each specific processing activity, Personal Data may be processed after it is provided or collected. The processing of Personal Data may end when the Company deems the processing purpose is completed or until Personal Data is deleted according to the laws.

6.     Potential and unwanted consequences, damage

1. During the collection, storage, and processing of personal data, the Company will implement, regularly review and update necessary technical, security, and protection measures to safeguard the Personal Data provided to us to the best of our ability in accordance with the prevailing laws and, make every effort to prevent risks and limit unwanted consequences and damages that may occur.
2. However, you – as the provider of Personal Data – acknowledge and understand that no technical system or security measure is absolutely secure, and that online transactions, cyberspace, and the collection, storage, and use of personal information inherently carry risks. These may include, but are not limited to, information leaks or dissemination due to technical system failures or security breaches. If the Company and our partners have implemented all possible measures yet data leaks or dissemination still occur, the Company and our partners shall not bear any liability for such incidents. However, the Company will take all possible actions to recover the data or mitigate the consequences as promptly as possible.

7.     Rights and Obligations of Data Subject

1. Rights of Data Subject

(i)          The Company respects and endeavors to protect the following rights of the Data Subject in accordance with the provisions of law: Right to be informed; Right to consent; Right to access (including the right to view, edit or request to edit personal data); Right to withdraw consent; Right to delete data; Right to restrict data processing; Right to provide data; Right to object to data processing; Right to complain, denounce, initiate lawsuits; Right to claim compensation for damages; and Right to self-defense.

(ii)         The Company will settle the requests of the Data Subject in accordance with the provisions of laws while considering the legitimate interests of the Data Subjects.

(iii)       However, for clarification, in the event that the Data Subject withdraws his or her consent, requests data deletion and/or exercises other relevant rights in respect of any or all of Personal Data, which affects the ability to provide/ maintain the Company’s products and services to the Data Subject, depending on the nature of the Data Subjects’ requests, the Company may consider and decide to cease providing the Company’s products and services to Data Subject prior to the deletion of Personal Data and/or any action by the Company pursuant to the provisions of law upon the withdrawal of his or her consent.

(iv)       Actions performed by the Data Subject as prescribed hereunder will be considered a unilateral termination by the Data Subject of any relationship between the Data Subjects and the Company; and may lead to a breach of contractual obligations or commitments between the Data Subject and the Company, and the Company reserves its legitimate rights and remedial measures in these cases. Accordingly, the Company will not be held liable to the Data Subject for any loss arising, and The Company’s legitimate rights to limit, restrict, suspend, cancel or prevent such Personal Data will be expressly reserved.

(v)        With reasonable efforts, the Company will fulfill the lawful and valid requests from the Data Subject within an appropriate timeline and in accordance with the provisions of law.

(vi)       For confidentiality purposes, the Data Subject may need to make his or her request in writing or use other methods to prove and authenticate the identity of the Data Subject. The Company may require the Data Subject to verify his or her identity before processing the Data Subject’s request.

(vii)     To clarify, the Company has the right to reject the requests from the Data Subject in certain cases at the Company’s discretion in accordance with the provisions of law.

2. Obligations of Data Subject: The Data Subject is obliged to

(i)          self-protect their own Personal Data; to request other relevant organizations and individuals to protect their Personal Data;

(ii)         respect and protect others’ Personal Data;

(iii)       provide Personal Data fully and accurately upon giving consent to process Personal Data;

(iv)       participate in the propaganda and dissemination of skills for Personal Data protection;

(v)        comply with the law on Personal Data protection and participate in the prevention of and fight against violations of the regulations on Personal Data protection;

(vi)       immediately notify the Company when discovering or suspecting that their Personal Data has been exposed, which may cause risks to service use, or any violation of Personal Data protection under this Notice that is identifiable to the Data Subject;

(vii)     regularly check updates from the Company (if any) related to the Personal Data protection policy in this Notice;

(viii)    Other obligations as prescribed by laws.