PRIVACY NOTICE

CONTENT

Privacy Notice for Vendors

SCG Companies respects the rights to privacy of our customers, including individuals acting on behalf of our corporate clients. To ensure that your personal data is protected, we have created this privacy notice to provide information on our processing of your personal data, in electronic and other formats, in accordance with the Vietnam Personal Data Protection Laws.
1. Definitions
1.1. “SCG Companies” refers to the companies listed in the Appendix .
1.2. “You” means individual vendors, directors of our corporate vendors, and operators and staff of vendors;
1.3. “Processing” means any acts impacting personal data, including but not limited to collecting, recording, analyzing, confirming, storing, editing, publicizing, disclosing, combining, accessing to, retrieving, recovering, encrypting, decrypting, copying, sharing, transmitting, providing, transferring, deleting, destroying personal data.
1.4. “Vietnam Personal Data Protection Laws” mean applicable Vietnamese laws on personal data protection, including but not limited to the Vietnam Decree No. 13/2023/ND-CP on Personal Data Protection (as amended, supplemented, or replaced from time to time).
2. Purposes of the processing
2.1. We process your personal data for the following purposes:
(1) to perform our contractual obligations with you or to take steps at your request before entering into a contract. This includes procurement, inspection, payment for goods and services, relationship management, and evaluation of work as specified in purchase orders, contracts, or other procurement-related documents.
(2) to manage, develop, and conduct our business operations, including website and application administration, research (e.g., interviews, questionnaires), fraud prevention and detection, crime prevention, and IT system maintenance.
(3) to protect security through measures such as personal data protection, access control, and identity authentication when you log in to your user account.
(4) to enable us to send news, promotions, and privileges to you via email, SMS, applications, social media, telephone, and direct mail.
(5) to conduct marketing activities and perform data analysis, such as market research, surveys, and interviews.
(6) to ensure your security, which may involve implementing security measures (e.g., controlling access to premises), preventing and managing epidemics, and verifying and authenticating identities for website or application access.
(7) to establish, exercise, or defend legal claims, whether they pertain to you or us.
(8) to protect vital interests, whether yours or another person. This includes making contact in case of an emergency or controlling and preventing the spread of diseases.
(9) to comply with our legal obligations under applicable laws.
(10) to perform tasks in the public interest or in the exercise of official authority vested in us.
Please note that the above list is not exhaustive and may be subject to updates as necessary.
2.2. If we process your personal data for purposes that require consent, we will inform you of these specific purposes at the time of obtaining your consent. Further details regarding your consent and its implications are provided in the subsequent sections of this privacy notice.
3. Personal data we collect
We collect personal data directly from you and indirectly from other reliable sources such as government agencies, SCG Companies, business partners, individuals who can legitimately disclose your personal data, and trusted service providers. The details of the data collection are as follows:
3.1. Data from Vendors: When you contact us or when you (or a corporate vendor) supply products or services to us, we collect the following personal data:
(1) Contact Information: Email address, telephone number, office address, social media account, instant messaging account. (e.g., information available on your business card).
(2) Identity Verification Information: ID cards, ID number, title, name, date of birth, mobile number, email, photograph, and identification information.
(3) Work-Related Information: Employment details, information related to managing your work safety, hygiene, and environment, bank account (for payment), remuneration, occupation, position, driving license, credentials, Information about past clients you have served and their references, and other personal data you have provided to us when contacting us or supplying products or services.
(4) Identification Information: Citizen identification number, passport number, driver’s license number, social security number, taxpayer identification number, and other government-issued identification numbers.
(5) Immigration and residency Information: Stay permit, residence permit, work permit, visa, and similar paperwork.
3.2. Data from Premises Visits: When you visit our premises, we collect, monitor, and process your images and video recorded by CCTV in designated areas. We will display signage to notify you about the areas where CCTV operates.
3.3. Data from Contact and Participation: When you contact us or participate in any activity with us, we collect the following personal data:
(1) Personal Information: Name, date of birth, photograph, identification card number, passport number.
(2) Contact Information: Telephone number, email, address, instant messaging account.
(3) Complaint Information: Details regarding your complaints.
(4) Participation Information: Information about your participation in our activities, including the history of previous activities and photographs taken.
3.4. Other Data: Tax identification number, family card, and photographs taken during your participation in our workshops or work with us.
3.5. Additional Data Collection: If we need to collect additional personal data, we will notify you and process the data in compliance with Vietnam Personal Data Protection Laws.
3.6. Sensitive Personal Data: Where necessary, we will process your sensitive personal data in accordance with Vietnamese Personal Data Protection Laws. We will ensure that we will try our best to provide adequate security measures to protect your sensitive personal data. We may need to collect and process sensitive personal data, including:
(1) We may collect and process your facial recognition or fingerprint data to verify your identity.
(1) We might have to collect general health data given by you (e.g. food allergy, drug allergy, vaccination) to organize events, meetings, and receptions; to accommodate you; and to comply with legal and regulatory requirements (e.g. criminal offence data).
(2) In some occasions, we might receive your sensitive personal data although we have no intention process the data. For example, we might receive data concerning your religious beliefs when we collect copies of your identification cards, which we will take appropriate measures to prevent collection and processing of such unnecessary data or ask you to redact the data before sending it to us.
(3) Sensitive personal data under our processing may also include financial information and location data.
3.2. Third-Party Data Disclosure: If you disclose personal data of other persons to us, you must be able to disclose such data and comply with applicable laws, which includes informing the data subjects of this privacy notice and other relevant documents before or when you disclose the data to us.
4. Cookies
4.1. We use cookies and similar technology to collect personal data as specified in our Cookies Notice.
5. Consent, withdrawal, and consequences
5.1. If we rely on your consent to process personal data, you are entitled to withdraw your given consent at any time but such withdrawal will not affect the validity of the processing made prior to the withdrawal.
5.2. Your withdrawal of consent or refusal to provide certain information may result in us being unable to fulfill some or all of the objectives stated in this privacy notice.
5.3. You can withdraw your given consent by following instructions available in the channels that obtain consent from you (e.g. changing settings in your user accounts) or by submitting your request to the contact email of the relevant company listed in the Appendix .
5.4. If you are children (under 16 years of age), quasi-incompetent person, or incapacitated persons and you wish to give consent to us; you must obtain authorization from your legal representatives, guardians or custodians (depending on the specific context of each case) before giving consent to us.
5.5. If you give us consent on behalf of other persons, you must have authority to legally give the consent on behalf of the data subjects at the time when it is given to us.
6. Retention Period
6.1. We will retain your personal data for the period necessary to meet the objectives unless the law requires longer retention periods. In the event that such period is unclear, we will retain the data for a customary expected period in accordance with retention standards.
6.2. We have established an auditing system to delete or destroy your personal data when the retention period expires or when it becomes irrelevant or unnecessary for the purposes of collecting that personal data.
6.3. If your personal data is processed based on consent, we will stop the processing when you have withdrawn the consent. However, we may keep your personal data to record your withdrawn so we can respond to your request in the future.
7. Disclosure of Your Personal Data
7.1. We disclose and share your personal data with:
(1) Companies within the SCG Group, including those outside Vietnam, as listed in the most recent annual report available at https://scc.listedcompany.com/ar.html; and
(2) Individuals and entities other than the companies in the SCG Group for the purpose of collecting and processing personal data as described in this privacy notice such as
our dealers, transport and logistics service providers, postal service providers, data processing service providers, marketing service providers (who might send messages to you to promote our products and services), contractors (who might perform tasks on our behalf), financial service providers (such as banks, payment companies, electronic payment service providers, credit providers), IT service providers (such as providers of cloud services, blockchain systems, data analytics, SMS, or emails), IT developers, programmers, auditors, consultants, advisors, government agencies (e.g. the tax authorities), insurers, legal advisors, third parties (in Vietnam or anywhere else) that are related to subpoenas, court orders, or other legal processes or requirements under the laws or regulations of Vietnam or laws and regulations of other jurisdictions that apply to us, our affiliates, or financial institutions to manage risks and to help detect and prevent illegal acts and fraud that may occur and other violations to our policies and agreements, and other persons to the extent necessary to enable us to conduct business, provide products and services, and meet the purposes for the collection and processing of personal data as described in this privacy notice.
7.2. Recipients of your personal data in clause 7.1 might have their own separate privacy notice, please read their respective privacy notice to see details of how they process your personal.
7.3. When we restructure our business, sell or transfer assets, acquire businesses or are acquired by other businesses, or merge with other businesses; we might have to disclose your personal data to our counterparties and their advisors. However, we will use our best effort to safeguard your data and require our relevant counterparties and their advisors to comply with applicable personal data protection laws and this privacy notice.
7.4. We will require persons receiving your personal data to take appropriate measures to protect your personal data, process the data properly and only as necessary, and prevent unauthorized use or disclosure of your personal data.
8. International transfer of your personal data
8.1. We may send or transfer your personal data to SCG Companies or other persons located outside Vietnam if it is necessary in order for us to perform the purposes of processing as set out under Section 2 of this Privacy Notice.
8.2. We may store your personal data on computer servers or clouds located outside Vietnam and use software or applications of service providers located outside Vietnam to process your personal data. However, we will not allow unrelated parties to access to your personal data and will require the service providers to have appropriate security measures to protect your data.
8.3. In the event that your personal data is transferred to a foreign country, we will comply with applicable personal data protection laws and take appropriate measures to ensure that your personal data is protected and you can exercise your rights in accordance with the laws. Moreover, we will require those who receive the data to have appropriate protection measures for your personal data, to process such personal data only as necessary, and to take steps to prevent unauthorized use or disclosure of your personal data.
9. Security Measures
9.1. We have implemented appropriate technical and administrative standards to protect your personal data from loss, misuse, and unauthorized access use, disclose, or destruction. We use technology and security procedures such as encryption and access restriction to ensure that only authorized people shall have access to your personal data, and that they are trained about the importance of protecting personal data.
9.2. We provide appropriate security measures including administrative, technical, and physical safeguards (such as access control and user access management) to prevent unlawful loss, access, use, change, disclosure of personal data from those who do not have rights or duties related to that personal data. We will review the above-mentioned measures when necessary or when the technology changes to ensure effective security.
9.3. If we process your sensitive personal data, we will use our best endeavor to impose appropriate security measures to protect the data.
10. Your rights and obligations as data subjects
10.1. Your rights under the personal data protection law can be summarized as follows:
(1) Right to be aware of the processing of your personal data;
(2) Right to give and withdraw consent you given to us;
(3) Right to request to view and correct your personal data;
(4) Right to oppose our use or disclosure of personal data about you for marketing and advertising purposes;
(5) Right to request us to delete or destroy or make your personal data non-personally identifiable (anonymous) information;
(6) Right to request us to restrict the processing of your personal data;
(7) Right to request us to provide your personal data; and
(8) Right to file complaints, denunciation, or lawsuit to the authority, to claim damages, and to exercise self-defense mechanisms in the event that we, our data processors, our employees, or our contractors violate or do not comply with personal data protection laws.
10.2. We will consider your request, notify the result of the consideration, and execute it (if appropriate) within a reasonable timeframe from the date we receive the request. Your rights mentioned above will be in accordance with the personal data protection law.
10.3. You may exercise your rights under the law by submitting your request to the contact email of the relevant company listed in the Appendix .
10.4. Besides rights, you as the data subject bear certain obligations pursuant to Vietnam Personal Data Protection Laws, including but not limited to the obligation to provide complete and accurate personal data when consenting to the processing of personal data.
11. Information about data controller and Data Protection Officer
11.1. Data Controllers:
(1) The SCG Companies listed in the Appendix are the data controllers of this privacy notice.
(2) For the avoidance of doubt, each SCG company operates independently and does not act as a joint data controller in relation to the processing activities described in this privacy notice. Each company is solely responsible for its own data processing activities, and no joint responsibility is assumed or implied under this notice.
11.2. Business Address: The business addresses of the data controllers are listed in the Appendix .
11.3. Contact Information: You can contact the data controllers or inquire about this privacy notice by emailing the relevant data controllers’ email addresses in the Appendix .

In the event that this privacy notice is amended, we will announce a new privacy notice on this website, which you should periodically review the privacy notice. The new privacy notice will be effective immediately on the date of announcement.

  • Cookies Notice (banner):
    1. This banner serves as a brief version of the Privacy Notice for Cookies in item 3.
    2. It must contain a hyperlink to the full version of the Cookies notice.
    3. The cookies banner should appear immediately when a user visits the website for the first time or if they haven’t visited in a while.
  • Cookies Setting:
    1. This setting serves as a way to ask for consent from users.
    2. If your company’s website or app uses more than one type of cookies, you need to develop a Cookie Settings feature that includes options for different types of cookies (e.g., necessary, functional, analytics, marketing). Your company must develop cookies settings only for the types that your website uses.
    3. This Cookies setting will allow users to manage their consent and comply with the PDPD.
  • Cookies Notice (full)
    1. This text serves as a full version of the Privacy Notice for Cookies (Cookies notice for short). To access it, you can click on the cookies notice from the Cookies banner in item 1 or find it on the homepage of the website for easier access, for example, next to the general Privacy Notice.
    2. This should be accessed by:
      1. Clicking the cookies notice link from the Cookies banner in item 1; and
      2. Put a hyperlink on the homepage of the website for easier access, for example, next to the general Privacy Notice.