PRIVACY NOTICE

CONTENT

Privacy Notice for Visitors and Event Participants

SCG Companies respects the rights to privacy of our customers, including individuals acting on behalf of our corporate clients. To ensure that your personal data is protected, we have created this privacy notice to provide information on our processing of your personal data, in electronic and other formats, in accordance with the Vietnam Personal Data Protection Laws.
1. Definitions
1.1. “SCG Companies” refers to the companies listed in the Appendix .
1.2. “You” means individuals who visit our premises and individuals who participate in our events and activities;
1.3. “Processing” means any acts impacting personal data, including but not limited to collecting, recording, analyzing, confirming, storing, editing, publicizing, disclosing, combining, accessing to, retrieving, recovering, encrypting, decrypting, copying, sharing, transmitting, providing, transferring, deleting, destroying personal data.
1.4. “Vietnam Personal Data Protection Laws” mean applicable Vietnamese laws on personal data protection, including but not limited to the Vietnam Decree No. 13/2023/ND-CP on Personal Data Protection (as amended, supplemented, or replaced from time to time).
2. Purposes of the processing
2.1. We process your personal data for the following purposes:
(1) to perform our contractual obligations with you or to take steps at your request before entering into a contract. This includes when you attend our events or visit our premises.
(2) to manage, develop, and conduct our business operations, including website and application administration.
(3) to control access to buildings, restricted outdoor areas, indoor areas, and the internet to protect security, prevent and detect crime, and use as evidence in investigations by our internal and government agencies.
(4) to establish, exercise, or defend legal claims, whether they pertain to you or us.
(5) to comply with the legal obligations to which we are subject.
(6) to protect vital interests, whether yours or another person. This includes making contact in case of an emergency or controlling and preventing the spread of diseases.
(7) to perform tasks in the public interest or to exercise official authority vested in us.
Please note that the above list is not exhaustive and may be subject to updates as necessary.
2.2. If we process your personal data for purposes that require consent, we will inform you of these specific purposes at the time of obtaining your consent. Further details regarding your consent and its implications are provided in the subsequent sections of this privacy notice.
3. Personal data we collect
We collect personal data directly from you and indirectly from reliable sources such as government agencies, SCG Companies, business partners, individuals who can legitimately disclose your personal data, and trusted service providers.
3.1. We collect the following types of personal data:
Participation in Activities: When you participate in any of our activities, whether organized by us, by a person we hire, or co-organized with another entity, we collect the following personal data:
(1) Registration and Participation Information: Name, surname, age, address, contact number, email, online chat, social media account, instant messaging account.
(2) Video and Audio Data: Still images and motion pictures (including photographs and videos recorded at seminars or event locations).
(3) Activity and Event Information: Details about activities or events you have participated in or registered for.
(4) Payment and Financial Transaction Information: Details of your payments and financial transactions related to the activity (if applicable).
Visiting Our Premises: When you visit our premises:
(1) CCTV Monitoring: We collect, monitor, and process your images and video recorded by CCTV (we do not record audio) in designated areas. Signage will be displayed to notify you about areas where CCTV operates.
(2) Visitor Records: We collect, store, and process the following personal data in our Visitor Records System:
• Personal information, such as name, surname, telephone number, email, identity card information, or other similar proof of identity.
• Vehicle registration number if you enter our premises by vehicle.
• Wi-Fi Registration: We require you to register when you use our Wi-Fi. The personal data we collect includes first name, last name, telephone number, and email.
3.2. Additional Data Collection: If we need to collect additional personal data, we will notify you and process the data in compliance with Vietnam Personal Data Protection Laws.
3.3. Sensitive Personal Data: Where necessary, we will process your sensitive personal data in accordance with Vietnamese Personal Data Protection Laws. We will ensure that we will try our best to provide adequate security measures to protect your sensitive personal data. We may need to collect and process sensitive personal data, including:
(1) We may collect and process your facial recognition or fingerprint data to verify your identity.
(2) We might have to collect and process general health data given by you (e.g. food allergy, drug allergy, vaccination) to organize events, meetings, and receptions; to accommodate you; and to comply with legal and regulatory requirements (e.g. criminal offence data).
(3) In some occasions, we might receive your sensitive personal data although we have no intention process the data. For example, we might receive data concerning your religious beliefs when we collect copies of your identification cards, which we will take appropriate measures to prevent collection and processing of such unnecessary data or ask you to redact the data before sending it to us.
(4) Sensitive personal data under our processing may also include financial information and location data.
3.4. Third-Party Data Disclosure: If you disclose personal data of other persons to us, you must be able to disclose such data and comply with applicable laws, which includes informing the data subjects of this privacy notice and other relevant documents before or when you disclose the data to us.
4. Cookies
4.1. We use cookies and similar technology to collect personal data as specified in our Cookies Notice.
5. Consent, withdrawal, and consequences
5.1. If we rely on your consent to process personal data, you are entitled to withdraw your given consent at any time but such withdrawal will not affect the validity of the processing made prior to the withdrawal.
5.2. Your withdrawal of consent or refusal to provide certain information may result in us being unable to fulfill some or all of the objectives stated in this privacy notice.
5.3. You can withdraw your given consent by following instructions available in the channels that obtain consent from you (e.g. changing settings in your user accounts) or by submitting your request to the contact email of the relevant company listed in the Appendix .
5.4. If you are children (under 16 years of age), quasi-incompetent person, or incapacitated persons and you wish to give consent to us; you must obtain authorization from your legal representatives, guardians or custodians (depending on the specific context of each case) before giving consent to us.
5.5. If you give us consent on behalf of other persons, you must have authority to legally give the consent on behalf of the data subjects at the time when it is given to us.
6. Retention Period
6.1. We will retain your personal data for the period necessary to meet the objectives unless the law requires longer retention periods. In the event that such period is unclear, we will retain the data for a customary expected period in accordance with retention standards.
6.2. We have established an auditing system to delete or destroy your personal data when the retention period expires or when it becomes irrelevant or unnecessary for the purposes of collecting that personal data.
6.3. If your personal data is processed based on consent, we will stop the processing when you have withdrawn the consent. However, we may keep your personal data to record your withdrawn so we can respond to your request in the future.
7. Disclosure of Your Personal Data
7.1. We disclose and share your personal data with:
(1) Companies within the SCG Group, including those outside Vietnam, as listed in the most recent annual report available at https://scc.listedcompany.com/ar.html; and
(2) Individuals and entities other than the companies in the SCG Group for the purpose of collecting and processing personal data as described in this privacy notice such as our dealers, transport and logistics service providers, postal service providers, data processing service providers, marketing service providers (who might send messages to you to promote our products and services), contractors (who might perform tasks on our behalf), financial service providers (such as banks, payment companies, electronic payment service providers, credit providers), IT service providers (such as providers of cloud services, blockchain systems, data analytics, SMS, or emails), IT developers, programmers, auditors, consultants, advisors, government agencies (e.g. the tax authorities), insurers, legal advisors, third parties (in Vietnam or anywhere else) that are related to subpoenas, court orders, or other legal processes or requirements under the laws or regulations of Vietnam or laws and regulations of other jurisdictions that apply to us, our affiliates, or financial institutions to manage risks and to help detect and prevent illegal acts and fraud that may occur and other violations to our policies and agreements, and other persons to the extent necessary to enable us to conduct business, provide products and services, and meet the purposes for the collection and processing of personal data as described in this privacy notice.
7.2. Recipients of your personal data in clause 7.1 might have their own separate privacy notice, please read their respective privacy notice to see details of how they process your personal.
7.3. When we restructure our business, sell or transfer assets, acquire businesses or are acquired by other businesses, or merge with other businesses; we might have to disclose your personal data to our counterparties and their advisors. However, we will use our best effort to safeguard your data and require our relevant counterparties and their advisors to comply with applicable personal data protection laws and this privacy notice.
7.4. We will require persons receiving your personal data to take appropriate measures to protect your personal data, process the data properly and only as necessary, and prevent unauthorized use or disclosure of your personal data.
8. International transfer of your personal data
8.1. We may send or transfer your personal data to SCG Companies or other persons located outside Vietnam if it is necessary in order for us to perform the purposes of processing as set out under Section 2 of this Privacy Notice.
8.2. We may store your personal data on computer servers or clouds located outside Vietnam and use software or applications of service providers located outside Vietnam to process your personal data. However, we will not allow unrelated parties to access to your personal data and will require the service providers to have appropriate security measures to protect your data.
8.3. In the event that your personal data is transferred to a foreign country, we will comply with applicable personal data protection laws and take appropriate measures to ensure that your personal data is protected and you can exercise your rights in accordance with the laws. Moreover, we will require those who receive the data to have appropriate protection measures for your personal data, to process such personal data only as necessary, and to take steps to prevent unauthorized use or disclosure of your personal data.
9. Security Measures
9.1. We have implemented appropriate technical and administrative standards to protect your personal data from loss, misuse, and unauthorized access use, disclose, or destruction. We use technology and security procedures such as encryption and access restriction to ensure that only authorized people shall have access to your personal data, and that they are trained about the importance of protecting personal data.
9.2. We provide appropriate security measures including administrative, technical, and physical safeguards (such as access control and user access management) to prevent unlawful loss, access, use, change, disclosure of personal data from those who do not have rights or duties related to that personal data. We will review the above-mentioned measures when necessary or when the technology changes to ensure effective security.
9.3. If we process your sensitive personal data, we will use our best endeavor to impose appropriate security measures to protect the data.
10. Your rights and obligations as data subjects
10.1. Your rights under the personal data protection law can be summarized as follows:
(1) Right to be aware of the processing of your personal data;
(2) Right to give and withdraw consent you given to us;
(3) Right to request to view and correct your personal data;
(4) Right to oppose our use or disclosure of personal data about you for marketing and advertising purposes;
(5) Right to request us to delete or destroy or make your personal data non-personally identifiable (anonymous) information;
(6) Right to request us to restrict the processing of your personal data;
(7) Right to request us to provide your personal data; and
(8) Right to file complaints, denunciation, or lawsuit to the authority, to claim damages, and to exercise self-defense mechanisms in the event that we, our data processors, our employees, or our contractors violate or do not comply with personal data protection laws.
10.2. We will consider your request, notify the result of the consideration, and execute it (if appropriate) within a reasonable timeframe from the date we receive the request. Your rights mentioned above will be in accordance with the personal data protection law.
10.3. You may exercise your rights under the law by submitting your request to the contact email of the relevant company listed in the Appendix .
10.4. Besides rights, you as the data subject bear certain obligations pursuant to Vietnam Personal Data Protection Laws, including but not limited to the obligation to provide complete and accurate personal data when consenting to the processing of personal data.
11. Information about data controller and Data Protection Officer
11.1. Data Controllers:
(1) The SCG Companies listed in the Appendix are the data controllers of this privacy notice.
(2) For the avoidance of doubt, each SCG company operates independently and does not act as a joint data controller in relation to the processing activities described in this privacy notice. Each company is solely responsible for its own data processing activities, and no joint responsibility is assumed or implied under this notice.
11.2. Business Address: The business addresses of the data controllers are listed in the Appendix .
11.3. Contact Information: You can contact the data controllers or inquire about this privacy notice by emailing the relevant data controllers’ email addresses in the Appendix .

In the event that this privacy notice is amended, we will announce a new privacy notice on this website, which you should periodically review the privacy notice. The new privacy notice will be effective immediately on the date of announcement.

  • Cookies Notice (banner):
    1. This banner serves as a brief version of the Privacy Notice for Cookies in item 3.
    2. It must contain a hyperlink to the full version of the Cookies notice.
    3. The cookies banner should appear immediately when a user visits the website for the first time or if they haven’t visited in a while.
  • Cookies Setting:
    1. This setting serves as a way to ask for consent from users.
    2. If your company’s website or app uses more than one type of cookies, you need to develop a Cookie Settings feature that includes options for different types of cookies (e.g., necessary, functional, analytics, marketing). Your company must develop cookies settings only for the types that your website uses.
    3. This Cookies setting will allow users to manage their consent and comply with the PDPD.
  • Cookies Notice (full)
    1. This text serves as a full version of the Privacy Notice for Cookies (Cookies notice for short). To access it, you can click on the cookies notice from the Cookies banner in item 1 or find it on the homepage of the website for easier access, for example, next to the general Privacy Notice.
    2. This should be accessed by:
      1. Clicking the cookies notice link from the Cookies banner in item 1; and
      2. Put a hyperlink on the homepage of the website for easier access, for example, next to the general Privacy Notice.