POLICY

PERSONAL DATA PROCESSING POLICY

Thank you for visiting the website operated by PNJ Jewelry Production and Trading Company Limited (PNJP). PNJP would like to inform customers about our personal data processing policy and terms and conditions on personal data processing according to Decree No. 13/2023/ND-CP on personal data protection.

In the process of providing goods and services, PNJP respects and commits to protecting the confidentiality of personal information in accordance with the provisions of Vietnamese law. To ensure the security of customer information, PNJP implements a personal data processing policy with the following contents:

I. DEFINITION OF WORDS

In this Notice, the words below shall be construed as follows:

1.1 PNJP is the abbreviation of PNJ Jewelry Production and Trading Company Limited and its branches, representative offices, and business locations.

1.2 Products are all products and services that PNJP performs and provides within the scope of PNJP’s business lines.

1.3 Business units are dependent units of PNJP that are responsible for performing one or part of PNJP’s business functions and activities according to the provisions of law.

1.4 Customers are organizations, individuals, and data subjects; including but not limited to, organizations and individuals who interact, transact, access, provide, and use PNJP Products (including direct transactions at PNJP, cyberspace and/or other forms); Organizations and individuals participating in PNJP programs and events.

1.5 Personal data is information and data of the Customer in the form of symbols, letters, numbers, images, sounds or similar forms in the electronic environment that are associated with a specific person or help identify a specific person; including but not limited to information and data related to full name, date of birth, gender, nationality, identity card/citizen identification information, personal identification number, passport number , marital status, transaction information, access history. In addition, some information and data are sensitive in nature such as race, health, religious beliefs, political opinions, biometric data, location of the Data Subject and other information. Other information can be collected and processed by PNJP when necessary.

1.6 Information that helps identify a specific person is information formed from an individual’s activities that, when combined with other stored data and information, can identify a specific person.

1.7 Processing of Personal Data means PNJP’s performance of one or more activities affecting Customer’s Personal Data, including but not limited to activities such as: collection, recording, analysis, confirmation, store, edit, disclose, combine, access, retrieve, retrieve, encode, decrypt, copy, share, transmit, make available, transfer, delete, destroy Personal Data or Other related actions.

1.8 Personal data protection is the activity of preventing, detecting, stopping, and handling violations related to personal data according to the provisions of law.

1.9 Information Security is the protection of information and information systems from violations of the confidentiality, integrity and availability of information, including access, use, disclosure, modification Edit and destroy information against regulations.

1.10 Third parties are organizations and individuals other than PNJP and Customers.

II. TYPES OF PERSONAL DATA COLLECTED

For the purposes of processing Personal Data specified in this Notice and depending on the nature, level and type of transaction, PNJP may collect basic and/or sensitive Personal Data. Customer’s following comments:

2.1 Basic customer data such as full name, date of birth, nationality, permanent address, contact address, identity card number information/citizen identification card/passport, phone number , email, etc

2.2 Payment-related data, including information about bank accounts, credit cards, etc. (not including detailed card numbers, CVV numbers or other authentication codes with equivalent legal value).

2.3 Data according to PNJP’s regulations to participate and/or apply for PNJP’s promotions and events (such as: student card, exam score sheet, marriage status certificate, registration certificate marriage contract, family relationship information, etc.) depending on the conditions of each program or event.

2.4 The Customer’s image, voice and other personal identifying characteristics when attending a PNJP program or event or using PNJP Products.

2.5 Personal data reflects the Customer’s activities and history of activities in cyberspace.

2.6 Data about Customers’ preferences and habits.

2.7 Transaction data customers have made with PNJP such as product type and quantity; location, time of transaction and data about Customer’s interaction with PNJP Products or Third Party products related to PNJP Products.

2.8 Data created/extracted from or related to technical systems (including devices, operating systems, software, positioning, browsers, IP addresses, other technical systems) such as: information on language settings information, date and time of connection to the website, application usage statistics, application installation, date and time of connection to the application; account name; password; secure login details; usage data; and any other information logged automatically from the connection.

2.9 Data generated/extracted regarding advertising interests; cookie data; clickstream data; browsing history; response to direct marketing; and opt-out of direct marketing; other related data and information.

2.10 Other data that PNJP collects will depend on the privacy settings that the Customer has established with the social network provider, on its devices and applications.

The types of application and device data PNJP collects and how long PNJP stores will depend partly on the device and the Customer’s settings. For example, Customers can enable or disable the device’s location through the device’s settings app, etc.

2.11 Other data related to the type of transaction between the Customer and PNJP.

III. HOW PERSONAL DATA IS COLLECTED

PNJP may collect Customer Personal Data by one or all of the following methods:

3.1 Directly from the Customer and/or automated applications such as:

• Through transactions established between Customers and PNJP.
• When Customers search, register, log in, create, manage accounts, access, transact, interact through PNJP’s available interactive channels (such as website, facebook, zalo, applications, etc.) or the Party The third is related to PNJP Products.
• When Customers access any PNJP website or use any features or resources available on or through the website.
• When Customers download or use PNJP’s applications for mobile devices.
• From exchanges and communications between PNJP and Customers (in person, by mail, phone, online, electronic communication or any other means) including surveys, programs, events events and activities in which the Customer participates.
• From interactions or automatic data collection technologies: PNJP may collect information including IP address, referring URL, operating system, email browser and any other information recorded Automatically from the connection:
  • Cookies, flash cookies, pixel tags, electronic beacons, or other tracking technologies.
  • Any technology capable of tracking individual activities across devices or websites.
  • Location information or other metadata provided by a device.
  • Other means: PNJP may collect Personal Data when Customers interact with PNJP through any other means.

3.2 From Third Parties, social media platforms and other sources:

• From suppliers, service providers, partners or parties related to PNJP and/or Customers.
• From a Third Party who is the legal representative of the Customer related to providing and processing the Customer’s Personal Data.
• From a competent state agency; banks, credit institutions.
• From any available public information source or from social networking platforms (google, facebook, zalo…) that the Customer has posted and updated.
• When PNJP collects Personal Data from Third Parties and other sources, PNJP ensures that such data is transferred to PNJP appropriately and in strict compliance with applicable legal regulations.

 IV. PURPOSE OF PROCESSING PERSONAL DATA

4.1 The Customer’s personal data will be processed by PNJP in accordance with this Notice and for specific purposes. Depending on each case, PNJP may process Personal Data in accordance with the purposes agreed upon by the Customer or in accordance with the law.

4.2 PNJP processes Customer Personal Data for one or all of the following purposes:

• Serving issues related to customer transactions at PNJP, including:
• • Identify and authenticate Customers to access accounts and manage Customer member accounts; protect against fraud, tampering, destruction, account misappropriation and/or other illegal activities.
  • Enter and check the completeness and accuracy of the Customer’s personal data entered into the system, compared with relevant data sources; Update Customer Personal Data.
  • Confirm and carry out financial transactions related to online payments.
  • To protect or exercise PNJP’s rights, including collecting fees, recovering any amounts owed by Customer to PNJP;
  • Handling customer requests and orders; shipping Products to Customers
  • Confirm, process, and exchange information related to transactions between Customers and PNJP. Manage information, data, and transaction history of customers at PNJP.
  • Provide Customers with information about Products, promotions, events, and activities of PNJP or Third Parties that may be of interest to Customers.
  • To recommend Products that may be of interest to Customers, identify Customer preferences and personalize Customer experience with Products;
  • Implement PNJP’s advertising, promotion, incentive and support programs in accordance with legal regulations, without causing damage to Customers.
  • Contact, provide, send documents and information related to updating Customer’s personal data, notify Customers of changes and updates to PNJP’s website, applications or devices.
  • Send communications about Customer account management and website, application or device features.
  • To communicate with Customers regarding the Products; Answer and respond to customer complaints, suggestions and requests.
  • Carry out other purposes that PNJP believes will benefit the Customer.
• To operate, develop, provide, improve and improve the quality of PNJP Products:
  • To implement regulations related to PNJP’s information system security and protection of Customer Personal Data.
  • To measure usage, analyze, improve quality and develop PNJP Products.
  • Improve the interface and/or content of items on PNJP’s website and applications to better serve customers.
  • Market research, trend analysis, statistics, surveys and data analysis related to Products.
• To exercise the rights and obligations of PNJP in implementing and complying with laws and regulations of PNJP and Third Parties:
  • Serving the purpose of preventing and combating money laundering, combating terrorist financing, and complying with embargoes according to regulations from time to time.
  • To prevent, deter, and detect fraud and abuse, credit risks to protect Customers, PNJP and others; and to comply with PNJP’s legal obligations regarding fraud prevention.
  • Serving activities, sales transactions, transfers, and transfers of business and/or assets of PNJP.
  • For audit purposes, the unit advises PNJP.
  • Serving transactions of sale, transfer, transfer of rights, interests or obligations under the Customer’s contract(s) with PNJP.
  • Implement and comply with agreements and/or contracts between PNJP and Third Parties in accordance with legal regulations.
  • Providing parties provide products and services to PNJP.
  • Meet or comply with PNJP’s internal policies.
  • Comply with relevant legal obligations or with PNJP’s legitimate interests in data security and collection.
  • To meet or comply with legal regulations, written requests, decisions issued by courts, competent state agencies or other regulatory agencies and organizations.
• PNJP may use Customer’s personal data recorded by the security surveillance system for the following purposes: (i) for security and social order purposes; (ii) detect and prevent violations that may arise at PNJP or in the use of PNJP Products; (iii) detect and prevent criminal acts; and/or (iv) to conduct investigations of other arising issues;
• Other purposes that PNJP determines appropriate from time to time or any other purposes required or permitted by law.

4.3 PNJP processes Customer’s Personal Data for one or all of the above purposes depending on the nature and level of the Customer’s transaction. Customers have the right to refuse to allow PNJP to process Personal Data for one or more of the above purposes by sending a request to PNJP according to the contact information stated in this Notice. In case PNJP does not receive any request from the Customer, by expressing consent as mentioned in this Notice, PNJP understands that the Customer voluntarily agrees to allow PNJP to have full rights to process Personal Data. of the Customer for all the above purposes.

V. ORGANIZATIONS AND INDIVIDUALS WHICH ARE PROCESSING CUSTOMERS’ PERSONAL DATA

For the purposes stated in this Notice and other purposes agreed upon by the Customer or according to the law, the subjects that process the Customer’s Personal Data include the following organizations and individuals:

5.1 PNJP (including PNJP employees and personnel assigned and tasked with processing Customer Personal Data).

5.2 Companies providing services related to PNJP’s business activities, including but not limited to companies providing postal services, telecommunications, data processing, information technology, technology support, data center, product operations, electronic news sites, applications, and equipment of PNJP.

5.3 The Company provides payment services and services related to payment transactions via websites and applications;

5.4 The company provides accounting, auditing, valuation, valuation services, law firms and other consulting units of PNJP.

5.5 The parties transact/intend to transact, sell, transfer, transfer business and/or assets and/or contributed capital and shares of PNJP.

5.6 Individuals and organizations intend to pay any outstanding amounts from the Customer to PNJP.

5.7 Individuals, organizations, competent state agencies or other Third Parties that PNJP is allowed or required to disclose according to the law and/or according to legal agreements between PNJP and the Third Party .

5.8 Other organizations and individuals as prescribed by law and in accordance with the purpose of processing Customer’s Personal Data.

VI. UPDATE, CORRECTION AND DELETION OF PERSONAL DATA

6.1 For the purposes stated in this Notice, Personal Data must be updated and supplemented promptly to suit the processing purpose.

6.2 Correction of Personal Data.

• Customers can access their accounts to view and edit their Personal Data.
• In case the Customer cannot edit directly for technical reasons or for other reasons, the Customer can send a written request to PNJP to request that PNJP to edit Personal Data for the Customer. Based on the request and information provided by the Customer, PNJP will edit Personal Data for the Customer as soon as possible. PNJP will notify the Customer within 72 hours of receiving the request to edit the Customer’s Personal Data in case PNJP cannot immediately edit the Customer’s Personal Data for objective reasons or for any reason.
• Customers are responsible for promptly updating and correcting their personal data with PNJP and are responsible for the accuracy and completeness of the data provided by the Customer.

6.3 Deletion of Personal Data:

• Except where otherwise provided by law and the cases specified in Point d of this Clause, Customers may request PNJP to delete their Personal Data in the following cases:
• The Customer finds that such Personal Data is no longer necessary for the purposes of the data processing to which the Customer has agreed and the Customer accepts the damages that may result from requesting deletion of the data;
• The Customer withdraws consent in accordance with the law and the content of this Notice;
• The Customer objects to PNJP processing the Customer’s Personal Data and PNJP has no grounds to prove that continued processing is necessary;
• The Customer has evidence to prove that PNJP has processed the Customer’s personal data for improper purposes or in violation of the law.
• Cases in which the Customer believes that the Customer’s Personal Data must be deleted in accordance with the law.
• Within 72 hours from the time of receiving the request to delete Customer’s Personal Data, PNJP will carry out procedures to delete all Customer Personal Data that PNJP collects, except in the case of The law has other provisions.
• In the following cases, PNJP will perform irreversible deletion of Customer’s Personal Data:
• Personal data is processed for improper purposes or the purpose of processing Personal Data agreed to by the Customer has been completed;
• Storage of Personal Data is no longer necessary for the operations of PNJP and/or relevant Third Parties;
• PNJP and/or related Third Parties are dissolved or no longer operating or declare bankruptcy or terminate operations according to the provisions of law.
• Customer’s personal data will not be deleted in the following cases, even when Customer requests to delete Personal Data:
• The law does not allow data deletion;
• Personal data is processed by competent state agencies for the purpose of serving the activities of state agencies in accordance with the law;
• Personal data has been made public in accordance with the law;
• Personal data is processed to serve legal requirements, scientific research, and statistics in accordance with the law;
• In cases of emergency in national defence, national security, social order and safety, major disasters, dangerous epidemics; when there is a threat to security and national defence but not to the extent of declaring a state of emergency; preventing and combating riots, terrorism, preventing and combating crime and law violations;
• Respond to emergency situations that threaten the life, health or safety of Customers or other individuals.

VII. STORAGE AND PROTECTION OF PERSONAL DATA

7.1 PNJP will store Customer’s Personal Data in a form suitable to PNJP’s operations and for a period of time consistent with the purpose of data processing and Customer’s requests.

7.2 Unless otherwise prescribed by law, the time when PNJP begins and ends processing Customer’s Personal Data is as follows:

• PNJP time begins: calculated from the time the Customer expresses consent to allow PNJP to process the Customer’s Personal Data according to the provisions of this Notice;
• End time: from the time PNJP completes the processing of Customer’s Personal Data or receives a request to terminate data processing and/or Customer requests to withdraw consent to PNJP Process Customer Data and/or another time as required by law.

7.3 PNJP commits to processing Customer’s Personal Data in a safe and secure manner and ensuring Customer’s legitimate rights and interests regarding the processing of Personal Data within PNJP’s capacity and in accordance with provisions of current law. PNJP applies appropriate data processing methods as well as appropriate technical and organizational security measures, to avoid unauthorized access, reading, use, alteration, provision, destruction or other processing of Personal Data. However, the network environment (internet) is not a secure environment and there can be no absolute guarantee that Customer Personal Data shared using the internet will always remain secure and therefore Customer Personal Data Collected and stored by Customers may be compromised by a Third Party (such as hackers) and may cause impacts and losses to Customers. When Customers use the internet to transmit personal data, Customers should only use secure systems to access websites, applications or devices. Customers are responsible for maintaining access authentication information. Your access to each website, application or device is safe and confidential. Customers need to immediately notify PNJP if they detect any abuse of login information and change their access password immediately. PNJP will try as much as possible to repair and strengthen security fences, minimizing damage incurred to Customers.

VIII. CUSTOMER RIGHTS AND OBLIGATIONS

8.1 Customer Rights:

• Right to know: Customers have the right to know information about the purpose, method, scope, type of data PNJP processes and other contents related to the processing of Customer’s Personal Data.
• Right to consent: Customers can agree or disagree to allow PNJP to process their Personal Data except for processing personal data in cases where Customer’s consent is not required as specified in the Notice. this and relevant legal regulations;
• Right to withdraw consent: Customers have the right to withdraw their consent, but must comply with the relevant content in this Notice and the provisions of law.
• Right to object to data processing: Customers have the right to object to PNJP processing their Personal Data to prevent or limit disclosure of Personal Data or use for advertising and marketing purposes inconsistent with the provisions in This notice and related legal regulations. PNJP will fulfill the Customer’s request within 72 hours after receiving the request.
• Right to access and edit Personal Data: Customers have the right to access, view and edit their Personal Data in the manner and methods specified in this Notice and relevant legal regulations.
• Right to delete data: Customers can delete or request PNJP to delete Customer’s personal data in accordance with the provisions of this Notice and the law.
• Right to restrict data processing: Customers have the right to restrict PNJP from processing their Personal Data. PNJP will comply with the Customer’s request within 72 hours after receiving the Customer’s request.
• Right to request PNJP to provide data: Customers have the right to request PNJP to provide their personal data with the following request order and procedures:
  • When there is a request to provide personal data, the Customer or the Customer’s legal representative sends a Request to Provide Personal Data form to PNJP by one of the following methods (i) directly at the headquarters of PNJP; or (ii) via PNJP’s email; (iii) via postal service.
  • PNJP will appoint responsible personnel to receive the Customer’s request to provide personal data and monitor the process and list of personal data provision as requested; In case the requested personal data is not within the authority, PNJP will notify and guide the Customer to the competent authority or clearly notify the inability to provide personal data.
  • Within 72 hours after receiving the Customer’s request to provide valid personal data, PNJP will notify the time limit, location, and form of providing personal data; Actual costs for printing, copying, photocopying, sending information via postal service, fax (if any) and payment method and deadline.
• Right to complain, denounce, sue: Customers have the right to complain, denounce or sue according to the provisions of law.
• Right to request compensation for damages: Customers have the right to request compensation for damages according to the provisions of law when violations of regulations on protecting their personal data occur.
• Right to self-protection: Customers have the right to self-protect according to the provisions of law or request competent agencies and organizations to implement methods to protect civil rights such as recognizing, respecting, protecting and preserving civil rights. assume your civil rights; Force the termination of infringing acts; forced to publicly apologize and rectify; forced to perform obligations; forced to pay compensation for damages; Cancel individual illegal decisions of competent agencies, organizations, and persons; and other requirements as prescribed by law.

8.2 Customer Obligations:

• Protect your Personal Data; request other relevant organizations and individuals to protect their personal data.
• Respect and protect the Personal Data of others.
• Provide complete and accurate Personal Data when agreeing to allow PNJP to process Customer Personal Data.
• Commitment, warranty and responsibility when providing Third Party Personal Data to PNJP. The Customer undertakes that it has obtained legal authorization from that Third Party to provide and process personal data and has clearly informed the Third Party and agreed to all the contents of this Notice. , including allowing PNJP to process personal data of Third Parties for one or more or all of the processing purposes stated in this Notice.
• Notify, update, and supplement your personal data promptly and accurately to PNJP in accordance with the purpose of data processing.
• Comply with the conditions (if any) when exercising the Customer’s rights specified in this Notice and relevant legal regulations.
• Other obligations according to this Notice and legal regulations.

IX. CUSTOMER CONSENT AND WITHDRAWAL OF CONSENT

9.1 Customer Consent

• PNJP always respects and secures Customer information, therefore PNJP only processes Customer Personal Data in accordance with the purposes mentioned in this Notice with the Customer’s consent, except in cases where The law has other provisions.
• By agreeing to create an account and purchase PNJP Products, Customers are clearly aware of the contents in this Notice, including but not limited to: (i) the types of Personal Data processed by PNJP ; (ii) Purpose of PNJP processing Customer’s Personal Data; (iii) Organizations and individuals processing Customer’s personal data; (iv) Customer’s rights and obligations.
• The Customer is considered to agree to allow PNJP to process the Customer’s Personal Data when the Customer performs one of the following activities:
  • Customers confirm in writing when transacting directly at PNJP; or
  • Customers register for membership cards or have become loyal customers of PNJP; or
  • Customers access and transact on PNJP’s online platform (including website, facebook,…); or
  • Customers register and log in to their account on PNJP’s website;
• By performing one of the above activities, the Customer voluntarily agrees to allow PNJP to process the Customer’s Personal Data in accordance with PNJP’s data processing purposes from time to time.
• In case the Customer does not agree to PNJP processing Personal Data for any purpose, the Customer please send a request to the contact information listed in this Notice. PNJP respects the rights of Customers, however Customers may not enjoy certain benefits from PNJP.
• In case the Customer authorizes another organization or individual to represent the Customer to carry out procedures related to processing Customer’s personal data with PNJP, the Customer or the Customer’s legal representative must Provide PNJP with a legal authorization document (if authorizing an individual, the authorization document must be notarized or authenticated; if authorizing an organization, it must be fully signed by the Customer and the representative). have the authority of the organization), and the content of the authorization document must clearly show that the Customer clearly knows the policies and regulations on processing personal data and agrees to allow PNJP to process their personal data. Client.
• For processing sensitive personal data, customers will be informed by PNJP that the data to be processed is sensitive personal data.

9.2 Withdrawal of consent

• Customers have the right to withdraw consent to allow PNJP to process Customer Personal Data. When there is a need to withdraw consent, the Client must submit a request (request must be expressed in a format that can be printed, reproduced in writing, including in electronic or verifiable format) to PNJP.
• When receiving the Customer’s request to withdraw consent, PNJP informs the Customer of the consequences and damages that may occur when withdrawing consent; At the same time, stop and request relevant organizations and individuals to stop processing Personal Data for which the Customer has withdrawn consent.
• The customer notes that the withdrawal of consent does not affect the lawfulness of the data processing that was agreed to before the withdrawal of consent.

9.3 PNJP has the right to process Personal Data in the following cases without Customer’s consent, specifically:

• In case of emergency, it is necessary to immediately process relevant Personal Data to protect the life and health of the Customer or others.
• Disclosure of Personal Data as prescribed by law.
• To perform obligations under Customer’s agreements and/or contracts with relevant agencies, organizations and individuals according to the provisions of law.
• Serving the activities of competent state agencies according to law.
• Other cases according to the law.

X. PNJP CONTACT INFORMATION

10.1 For any questions, comments, or complaints related to personal data processing, please contact and/or send to PNJP according to the information below:

• PNJ JEWELRY PRODUCTION AND TRADING COMPANY LIMITED
• Address: No. 23, Street 14, Ward 5, Go Vap District, Ho Chi Minh City
• Phone: 1900.9999.05

• Email: pnjp@pnj.com.vn

10.2 Complaint resolution

• In case it is discovered that PNJP does not process personal data for the right purpose, scope, method or other contents according to this Notice or personal data processing Notices amended and supplemented from time to time , Customers please send relevant information and evidence to PNJP according to the contact information above.
• PNJP will check and respond to Customer’s complaint information immediately or at the latest within 72 working hours from the time of receiving the information. In case the Customer’s problem is complex or PNJP has a large volume of problems that need to be resolved, PNJP will inform the Customer that PNJP needs more time to resolve and PNJP will find a solution within one month. months since the issue was first raised.

XI. OTHER CONTENT

11.1 This notice takes effect from July 1, 2023 and is publicly announced by PNJP to Customers on the official website and/or transaction channels, communication between PNJP and Customers and/or its applications. PNJP.

11.2 This notice may be updated and amended from time to time and notified to Customers via PNJP’s website or transaction channels or applications.

11.3 Any complaints or disputes related to the collection and processing of personal data according to this Notice will first be resolved by negotiation between PNJP and the Customer. In case no negotiation is possible, the dispute will be resolved by institutional arbitration at a Commercial Arbitration Center established and operating in Vietnam according to the Rules of Arbitration Procedures in effect at the time of resolution disputes of that Arbitration Center; The place of arbitration is in the Ho Chi Minh City, Vietnam.

11.4 PNJP recommends that Customers regularly visit PNJP’s website to promptly update changes and additions (if any) to this Notice.

11.5 Issues regarding the processing of personal data that are not specified in this Notice shall be implemented in accordance with current laws on personal data processing.