I. PERSONAL DATA PROTECTION POLICY
Legal basis: according to the personal data protection decree no. 13/2023/ND-CP of the Government issued on April 17, 2023 and effect on July 1, 2023.
A. Commitment and consensus
Nakashima Vietnam Co., Ltd. (NVC) complies with the following privacy principles with respect to personal data.
The acceptance and agreement of this policy and the content adjustment and update of this policy is done in accordance with the labor contract, service contract/agreement, documents and records related to information provision and agreement of the parties involved. Consent form could be in writing, ticking the consent box including on electronic formats, etc.
The employees’ silence or non-response is not considered as their consent.
This policy applies to personal data owned or controlled by NVC and the personal data collected, used, disclosed and/or processed by NVC in Vietnam/ outside Vietnam.
The policy shall apply to all the employees and third parties involved in business with NVC.
1. NVC collects, uses, stores, accesses to lawfully personal data, and processes that data in a transparent manner.
B. Classify personal information
2. The policy provides protection to any kind of data collected with the consent of the data holders, including but not limited and is subject to the change of the regulation of NVC and law to the following:
2.1. Basic personal data
a) Last name, middle name and first name, other names (if any);
b) Date of birth; date of death or going missing;
d) Place of birth, registered place of birth, place of permanent residence, place of temporary residence, current place of residence, hometown, contact address;
f) Personal images;
g) Phone number, ID Card number, personal identification number, passport number, driver’s license number, license plate, taxpayer identification number, social security number and health insurance card number;
h) Marital status;
i) Information about the individual’s family relationship (parents, children);
k) Digital account information; personal data that reflects activities and activity history in cyberspace;
l) Other information associated with an individual or used to identify an individual that is not falling under Sensitive personal data Group
2.2. Sensitive personal data: refers to personal data in association with individual privacy which, when being infringed, will directly affect an individual’s legal rights and interests, including:
a) Political and religious opinions;
b) Health condition and personal information stated in health record, excluding information on blood group;
c) Information about racial or ethnic origin;
d) Information about genetic data related to an individual’s inherited or acquired genetic characteristics;
e) Information about an individual’s own biometric or biological characteristics;
f) Information about an individual’s sex life or sexual orientation.
g) Data on crimes and criminal activities collected and stored by law enforcement agencies;
h) Information on customers of credit institutions, foreign bank branches, payment service providers and other licensed institutions, including: customer identification as prescribed by law, accounts, deposits, deposited assets, transactions, organizations and individuals that are guarantors at credit institutions, bank branches, and payment service providers;
i) Personal location identified via location services;
j) Other specific personal data as prescribed by law that requires special protection.
C. Processing purposes
3. NVC will process the data only if and to the extent that
a) Personal data has gained the consent of the data holders;
b) The processing is necessary for the relationship of the parties;
c) The processing is necessary for compliance with any legal obligations;
d) The processing it to further a legitimate business interest;
e) It is necessary for the employee’s performance.
4. NVC collects information with the explicit consent of the data holders, and uses it for the explicit, legitimate purposes set forth in this policy and for no other purpose, as follows:
a) Payment of salary, bonuses, allowances and other benefits to employees according the agreement in the labor contract, internal regulation of the company and the labor law;
b) Registration and participation in social insurance, health insurance, unemployment insurance and other voluntary insurance under the company’s internal regulations (if any);
c) Declare and pay taxes and fees in accordance with labor law;
d) To implement and comply with the company’s agreements with other parties, in which the law allows other parties the right to use the employee’s personal data;
e) To generate data, reports and statistics for the company as the request of the authorities or for other third parties;
f) To carry out other activities relating to the internal management and operation of the company that deems appropriate at each time and ensures the legitimacy of the use of the personal data of the employee;
g) For other purposes not contrary to applicable law and with written consent of the employee, except the cases where the consent of the data subject is not required as follows:
+ The personal data shall be processed to protect the life and health of the data holders or others in an emergency situation.
+ Disclosure of personal data in accordance with the law;
+ Processing of personal data by competent regulatory authorities in:
– The emergency regarding National Defense Emergency, National Security, Social Safety Order, disaster, dangerous epidemic;
– When there is a threat to national defense but not yet the point of declaring a state of emergency;
– To prevent riots and terrorism, crimes and law violations according to the provisions of law;
+ The personal data shall be processed to fulfill obligations under contracts the data holders with relevant agencies, organizations and individuals as the provisions of law;
+ The personal data shall be processed to serve operations by regulatory authorities as prescribed by relevant laws.
+ Make audio and video recording and process personal data obtained from audio or video recording activities in public places (with notice) by competent agencies and organizations in order to protect national security, social safety order, legitimate rights and interests of organizations and individuals as prescribed by law, unless otherwise provided by law.
+ To fulfill the contractual obligations of the data owner in accordance with the law.
5. NVC only collects data that is adequate, relevant, and limited for the purpose for which it is being collected.
6. NVC collects and processes personal data as accurately as possible.
7. Data that is necessary to run the business and from which NVC generates revenues, and it is collected with free consent and for a legitimate purpose will remain NVC property, and NVC will have the ultimate power to use that data legitimately.
D. Processing method and implementation measures
8. NVC shall process personal data through printed copies, audio recordings, video recordings or in the electronic formats data messages,… meanwhile takes appropriate and necessary measures for preventing the disclosure, loss or destruction of the personal information that it handles and for otherwise safely managing the information.
a) Measures for protecting personal data shall be applied from the beginning of and throughout the processing of personal data. Should a problem occur, NVC will endeavor to prevent any damage from spreading and will promptly take corrective action.
b) Leader of Department is in charge of receiving, controlling and processing personal data through means and equipment for processing personal data.
c) IT teams are in charge of checking the network security for the system and means, devices used for processing personal data prior to processing, irreversible deletion or destruction of devices containing personal data.
9. Personal data shall be retained in physical form at NVC, stored in electronic form in NVC’s computers and servers as long as necessary.
10. Should NVC consign the handling of all or part of its personal information to a third party, it will thoroughly vet the third party, and will conduct appropriate and necessary supervision of the third party to ensure that the consigned personal information is properly handled.
11. Should NVC receive a request from an individual to disclose, desist from using, or take some other action regarding the individual’s personal information, NVC will promptly comply, except when prescribed otherwise by law. However, if NVC is unable to confirm the individual’s identity, it will not comply with the request.
If there is a mistake in an individual’s personal information and the individual requests to correct it or to add or delete personal information, NVC will investigate the matter and then promptly comply with the request. However, if NVC is unable to confirm the individual’s identity, it will not comply with the request.
12. In case of a breach of the data, NVC will notify the individuals and the appropriate authorities within 72 hours of such breach.
13. Employees who violate the terms of this policy will be disciplined by NVC under the labor regulation, and if the violation causes damage, employees shall pay compensation under labor regulation, NVC’s internal regulations and law’s provisions.
14. Other cases are not been mentioned in this Policy will be implemented in accordance with current government regulations. NVC will strive continuously to improve and progress the protection of the personal information. Accordingly, this policy is subject to change without notice.
II. ANTI-BRIBERY POLICY
The Company shall do business fairly, honestly and transparently, shall not give or accept bribes, directly or indirectly, to gain a business advantage.
The Company, the Company’s employees shall not offer, promise, approve, participate in or authorize, either directly or through an intermediary, in giving Anything of Value to any employee/ commercial organizations for the purpose of influencing their actions (or ensuring they do not) and/or to gain a business advantage.
The Company shall not accept any form of personal corruption and does not engage in any form of incentives or unethical payments.
In any case of the Company’s employee breach of this anti-bribery anti-bribery policy, please contact us
III.CHANGING THIS POLICY
This policy may be changed without notice in order to improve it or if the related laws are revised or if some other appropriate reason occurs.
If the policy is changed, the changed policy will go into effect as soon as it is posted on this website, unless the Company specifies otherwise.