I. INTRODUCTION
1. NTO GROUP VIETNAM COMPANY LIMITED (Hereinafter referred to as “We” and/or “NTO”) always upholds and respects the right to privacy, confidentiality, and security of personal information in accordance with Vietnamese law. We recognize the importance of the personal data that Customer has entrusted to Us and believe that We have a responsibility to manage, protect, and process Customer’s personal data in an appropriate way. This Data Protection Commitment (hereinafter referred to as the “Commitment”) is developed to help the Customer understand how We process personal data that the Customer has provided to us, whether now or in the future, as well as to help the Customer make decisions before providing Us with any of the Customer’s personal data.
2. Personal Data is information in the form of symbols, letters, figures, photos, sounds, or similar forms in the electronic environment that is associated with a person or helps identify a specific person. Personal Data includes basic Personal Data and sensitive personal data.
3. Personal data processing is one or more activities affecting Personal Data, such as: collect, record, analyze, confirm, store, edit, disclose, combine, access, retrieve, revoke, encrypt, decrypt, copy, share, transmit, provide, transfer, delete, destroy Personal Data or other related actions.
4. Service means products and services provided on Our website.
5. The Customer undertakes not to provide Us with any information that is inaccurate or misleading and shall notify Us of any information that is inaccurate or when there is a change in information. We reserve the right, at our sole discretion, to request other documents necessary to verify any information provided by the Customer.
6. In some cases, the Customer may provide Personal Data of other individuals to Us (for example, family members, friends, or people in the Customer’s contact list). If the Customer provides Us with their personal data, the Customer warrants that the Customer has obtained their consent to process their Personal Data in accordance with this Commitment.
7. This Commitment includes the following information:
· What Personal Data does NTO collect from the Customer?
· For what Purpose does NTO use the Customer’s Personal Data?
· How to keep the Customer’s Personal Data secure?
· Does NTO share Personal Data collected from the Customer?
· Does NTO transfer the Customer’s Personal Data to outsiders?
· How can the Customer withdraw their consent, request restriction of processing, or object to the processing of Personal Data provided to Us?
· How is Personal Data processed?
· How is Personal Data of children processed?
· Duration of data processing
· Customer’s confirmation
II. WHAT PERSONAL DATA DOES NTO COLLECT FROM THE CUSTOMER?
1. Information the Customer provides to Us
· Basic Personal Data:
(i) Full name and other name (if any);
(ii) Date of birth;
(iii) Gender;
(iv) Contact address;
(v) Nationality;
(vi) Photos, audio, or video of the individual;
(vii) Phone number, ID card number, personal identification number, passport number;
(viii) Information about personal digital accounts; Personal Data reflecting activity history on Our website;
(ix) Information about Customer’s network, including Customer’s contact list when agreeing to share on Customer’s devices, and the people and accounts with which the Customer interacts;
(x) Usage and transaction information, including details of search history, transactions, advertising and display content that interacts with the platform, as well as its related products and services of the Customer;
(xi) Personal Opinion – includes any opinion Customer share with Us that indicate Customer’s point of view and comments. This may include when Customer provide Us feedback and review rating Our Service, or if Customer participate in any product research and development discussions.
· Sensitive Personal Data:
(i) Size information - includes: clothes size, height, weight, chest, waist, hip, inseam, body shape, heel-toe measurement;
(ii) Data on location determined through location services of the individual;
(iii) Media or communications data, such as Customer’s preferences for receiving advertising communications from Us or the Third Party, communication preferences, and communication history with Us, Our service providers, and other Third Party;
(iv) Other Personal Data specified as special by the Law and require necessary security measures.
(v) Other data which are considered as sensitive Personal Data according to the law.
2. Automatic information
We process the Customer’ Personal Data regarding the use of the Service on Our website, including information about Customer’ interactions with the content and the Service available through Our website. Information on Customer’s browsing behavior. This may include: browser name, IP address (including hashed IP address), clickstream data, data and time of site visits, time remained on site, pages visited, and the links Customer have clicked in Our marketing messages or website, the referral URL that brought Customer to Our site.
3. Information from other sources
We may receive information about the Customer from other sources, such as delivery address information and updates from carriers, which shall be used by Us for record-keeping and delivery to make the Customer’s next shopping more convenient.
Social Media Interaction and Activity information – includes: any information about Customer that We obtain through different social media channels such as Facebook, Instagram, Google, etc. When We use these channels for advertising, analytics purposes or to enrich Customer’s profile with adidas, including: any social media information that is publicly available such as Customer’s social media handles, social media interactions and public postings, Customer’s “Likes” and other reactions, Customer’s social media connections, Customer’s photos that are public, or those Customer send to Us by mentioning Us or following Our social media posts by using “handles” or “hashtags”, comments or messages Customer shared with Us publicly or privately on social media platforms. Also, We may be able to obtain above information indirectly from social media companies (e.g. Facebook, Snapchat, Google, Instagram, etc.) when We advertise on these platforms, which may include Customer’s participation and membership on particular topics and/or groups, Customer’s profile settings and preferences, and Customer’s behavior on different platforms owned by the same company.
III. FOR WHAT PURPOSE DOES NTO USE THE CUSTOMER’S PERSONAL DATA?
1. Service provision: We use the Customer’s Personal Data to receive requests and provide Service, process payments, and communicate with the Customer about the Service and promotional offers.
2. Troubleshooting and Service improvement: We use the Customer’s Personal Data to provide features, analyze performance, fix bugs, and improve the usability and efficiency of the Service.
3. Recommendations and personalization: We use the Customer’s Personal Data to recommend features, products, and services that may be suitable for the Customer, to identify Customer’s interests and needs and personalize Customer’s experience with the Service.
4. Communication with the Customer: We use the Customer’s Personal Data to communicate with the Customer regarding the Service through various channels (for examples: phone number, email, chat).
5. Advertising: We use the Customer’s Personal Data to monitor the use of Service, analyze data, and display Service advertisements tailored to the Customer.
6. Legal compliance: In some cases, We process the Customer’s Personal Data to comply with the provisions of the Law.
(Hereinafter referred to as “Purpose”)
In order to carry out the above Purpose, We may process the Customer’s Personal Data depending on each situation, such Purpose may not be listed in this Commitment. However, We shall notify the Customer of such other Purpose at the time of obtaining Customer’s consent, unless the data processing does not require the Customer’s consent according to the provisions of the Law.
IV. HOW TO KEEP THE CUSTOMER’S PERSONAL DATA SECURE?
1. We implement appropriate technical and organizational measures to address the risks corresponding to Our use of your Personal Data, including loss, alteration, or unauthorized access to or unauthorized use of Customer’s Personal Data, and empowering Customer to exercise Customer’s rights. We require Our service providers to do the same through contractual agreements. However, Customer should be aware that any transmission of Customer’s Personal Data through the Internet is at Customer’s own risk. We can only protect Customer’s Personal Data when We have it under Customer’s acception and We use it for Purpose stated in Section III of this Commitment.
2. We implement various security measures and strive to ensure the security of the Customer’s Personal Data on our systems. We design Our data system to make sure that the Customer’s Personal Data is kept secure. In accordance with Our security procedures, in some cases, We shall require the Customer to verify their identity before disclosure the Customer’s Personal Data to Them.
3. The Customer commits to proactively protect and prevent unauthorized access to the Customer’s account on Our website to minimize possible risks.
V. DOES NTO SHARE PERSONAL DATA COLLECTED FROM THE CUSTOMER?
Information about Our Customer is an important part of Our business. We do not transfer, buy, or sell the Customer’s Personal Data to any Third Party. We only share the Customer’s Personal Data in the following cases:
1. Transactions with Third Party: In the course of our business operations, We will/may need to process the Customer’s Personal Data with Third Party (such as agents, affiliates, or other services suppliers) in Vietnam or abroad to carry out the Purpose stated in Section III of this Commitment, this shall be done in accordance with Vietnamese Law, for examples: delivery, mailing and email, removing repetitive information from lists of customers, analyzing data, providing marketing support, providing search results and links (including paid advertising and links), payment processing, and credit risk assessment and management. These Third-Party service providers have access to Personal Data that is necessary to perform their functions and is not used for any other purposes.
2. Business Transfer: As We continue to grow Our business, We may sell or buy other businesses or services. In these transactions, the Customer’s information is one of the transferable business assets but still complies with these Commitments.
3. NTO and Third Party Protection: We may disclose necessary Personal Data when the disclosure is to comply with the law or to protect the rights and property of NTO and/or Third Party, including exchanging information with other companies and organizations to anti-fraud and reduce credit risk.
VI. DOES NTO TRANSFER THE CUSTOMER’S PERSONAL DATA TO OUTSIDERS?
The Customer’s Personal Data may be transferred abroad for one or more of the Purpose listed in Section III of this Commitment. We only transfer the Customer’s Personal Data abroad in accordance with the provisions of Vietnamese law on Personal Data protection.
VII. HOW CAN THE CUSTOMER WITHDRAW THEIR CONSENT, REQUEST RESTRICTION OF PROCESSING, OR OBJECT TO THE PROCESSING OF PERSONAL DATA PROVIDED TO US?
The Customer may withdraw their consent, request restriction, or object to the processing of the Customer’s Personal Data that We maintain or control by sending an email to Our Specialist at email privacy@mekong-nto.com. We shall process these requests in accordance with Our policies and relevant laws. However, the Customer’s withdrawal of consent, request for restriction, or objection to the processing of the Customer’s Personal Data may mean that We shall not be able to continue to provide the Service to the Customer and We may terminate the existing relationship with the Customer.
VIII. HOW IS PERSONAL DATA PROCESSED?
In the process of implementing the Purpose stated in Section III of this Commitment, We shall/may process the Customer’s Personal Data according to actual situations, such Purpose may not be listed in Section III of this Commitment. However, We shall notify the Customer of that Purpose at the time of requesting the Customer’s consent, unless the processing of Personal Data does not require the Customer’s consent in accordance with the law on Personal Data protection.
IX. HOW IS PERSONAL DATA OF CHILDREN PROCESSED?
Parent(s) or legal guardian(s) of children under 16 years old please supervise and ensure that Personal Data of children under 16 years old is not posted on Our website. In the event that the Personal Data of children under 16 years old is provided to Us by Parent(s) or legal guardian(s), their consents to process the Personal Data of children under 16 years old shall be given to Us. Parent(s) or legal guardian(s) ensure that they have received consent from children from 7 years old to under 16 years old regarding the processing of those children’s Personal Data in accordance with this Commitment.
X. DURATION OF DATA PROCESSING
Data processing start time: From the time the Customer visits this website and tick the “agree” box to this Commitment. Data processing end time: When the Customer withdraws consent as prescribed in this Commitment.