Last update : December 2022
Privacy Policy and Legal Statements
We appreciate your interest in our website and our resort (hereafter Chen Sea Resort & Spa Phu Quoc Vietnam or we). We highly value your trust in us, and recognize both the significance and the obligation to treat your data with care, and protect that data from misuse or abuse.
We take the protection of your private data very seriously, and strictly adhere to relevant data protection legislation. In particular, we have taken all the measurements needed to be complied with the new EU GDPR 2016/679 Regulation (EU) 2016/679 on the protection of natural persons. Personal data is collected on this website during the exercise of our services only to the extent necessary.
This privacy statement will inform you how we handle your data.
By using our website and our services, you agree that the data you have provided may be stored, processed, or used by us within the scope of this privacy policy.
Personal Data Definition
“Personal data” means any information collected and logged in a format that allows you to be identified personally, either directly (e.g. name) or indirectly (e.g. telephone number) as a natural person. Before providing us with this information, we recommend that you read this document describing our customer privacy protection policy.
This policy forms part of the terms and conditions that govern our services. By accepting these terms and conditions, you expressly accept the provisions of this charter.
Our Seven Principles for Protecting your Personal Data
The seven principles below are applicable in our business:
- Transparency: when collecting and processing your personal data, we will communicate all information to you and inform you of the purpose and recipients of the data.
- Legitimacy: we will collect and process your personal data only for the purposes described in this document.
- Relevance and accuracy: we will only collect personal data that is necessary for data processing. We will take all reasonable steps to ensure that the personal data we hold is accurate and up to date.
- Storage: we will hold your personal data for the period necessary for processing the same in compliance with the provisions of the law.
- Access, rectification, opposition: you may access, modify, correct or delete your personal data. You may also oppose the use of your personal data, particularly to avoid receiving sales and marketing information.
- Confidentiality and security: we will ensure reasonable technical and organizational measures are in place to protect your personal data against alteration or accidental or unlawful loss, or unauthorized use, disclosure or access.
- Sharing and international transfer: we may share your personal data within our partners or with third parties (such as commercial partners and/or service providers) for the purposes set out in this document. We will take appropriate measures to guarantee security when sharing or transferring such data.
What Personal Data is collected?
At various times, we will be obliged to ask you, as our customer, for information about you and/or members of your family, such as:
- Contact details (for example, last name, first name, telephone number, email)
- Personal information (for example, date of birth, nationality)
- Information relating to your children (for example, first name, date of birth, age)
- Your credit card number (for transaction and reservation purposes)
- Your arrival and departure dates
- Your preferences and interests (for example, smoking or non-smoking room, preferred floor, type of bedding, type of newspapers/magazines, sports, cultural interests)
- Your questions/comments, during or following a stay in one of our establishments
The information collected in relation to persons under 18 years of age is limited to their name, nationality and date of birth, which can only be supplied to us by an adult. We would be grateful if you could ensure that your children do not send us any personal data without your consent (particularly via the Internet).
We do not deliberately collect sensitive information, such as information concerning race, ethnicity, political opinions, religious and philosophical beliefs, union membership, or details of health or sexual orientation.
When is your Personal Data collected?
Personal data may be collected on a variety of occasions, including:
- Resort activities:
- Booking a room
- Booking a service in our spa
- Checking-in and paying
- Eating/drinking at the hotel bar or restaurant during a stay
- Requests, complaints and/or disputes.
- Participation in marketing programs or events:
- Participation in customer surveys
- Subscription to newsletters, in order to receive offers and promotions via email.
- Transmission of information from third parties:
- Tour operators, travel agencies, and others
- Internet activities:
- Connection to the Chen Sea Resort & Spa Phu Quoc Vietnam (IP address, cookies)
- Online forms (online reservation, questionnaires, our pages on social networks, network login devices such as Facebook login etc.)
For what purposes?
We collect your personal data for the purposes of:
- Meeting our obligations to our customers.
- Managing the reservation of rooms and accommodation requests:
- Creation and storage of legal documents in compliance with accounting standards.
- Managing your stay at the hotel:
- Monitoring your use of services (telephone, bar, pay TV etc.)
- Managing access to rooms
- Internal management of lists of customers having behaved inappropriately during their stay at the hotel (aggressive and anti-social behavior, non-compliance with the hotel contract, non-compliance with safety regulations, theft, damage and vandalism, or payment incidents).
- Improving our hotel service, especially:
- Processing your personal data in our customer marketing program in order to carry out marketing operations, promote brands and gain a better understanding of your requirements and wishes
- Adapting our products and services to better meet your requirements
- Customizing commercial offers and the promotional messages we send to you
- Informing you of special offers and any new services.
- Managing our relationship with customers before, during and after your stay:
- Providing details for the customer database
- Predicting and anticipating future behaviors
- Developing statistics and commercial scores, and carrying out reporting
- Knowing and managing the preferences of new or repeat customers
- Sending you promotions and tourist, hotel or service offers, or offers, or contacting you by telephone
- Managing requests to unsubscribe, promotions, tourist offers and satisfaction surveys
- Taking into account the right to object
- Improving the Chen Sea Resort & Spa Phu Quoc Vietnam services, especially:
- Carrying out surveys and analyses of questionnaires and customer comments
- Managing claims/complaints
- Securing and enhancing your use of our websites, especially:
- Improving navigation
- Implementing security and fraud prevention
- Conforming to local legislation
Who we share information with
As we work with many partners in many countries, we endeavor to provide you with the same services throughout the world.
Thus, to guarantee that, we have to share your personal data with internal and external recipients subject to the following conditions:
- In order to offer you the best service, we can share your personal data and give access to authorized personnel from the resort, including:
- Hotel staff
- Reservation staff using reservation tools
- IT departments
- Commercial partners and marketing services
- Medical services if applicable
- Legal services if applicable
- Generally, any appropriate person for certain specific categories of personal data.
With service providers and partners: your personal data may be sent to a third party for the purposes of supplying you with services and improving your stay, for example:
- External service providers
- Commercial partners: we may, unless you specify otherwise, enhance your profile by sharing certain personal information with its preferred commercial partners. In this case, a trusted third party may cross-check, analyze and apply certain devices to your data. This data processing will allow us and its privileged contractual partners to determine your interests and your customer profile, and will allow us to send you personalized offers.
- Social networking sites
- Local authorities: we may also be obliged to send your information to local authorities if this is required by law or as part of an inquiry and in accordance with local regulations.
For the reasons explained above, our website may contain links to other sites operated by third parties.
In any ways, we are not responsible for the privacy practices or the content of such third-party web sites.
Protection of your Personal Data during international transfer
For the data collection purposes, we may transfer your personal data to internal or external recipients who may be in countries offering different levels of personal data protection.
Consequently, in addition to implementation of this policy, Chen Sea Resort & Spa Phu Quoc Vietnam employs appropriate measures to ensure secure transfer of your personal data to an another entity or to an external recipient located in a country offering a different level of privacy from that proposed in the country where the personal data is collected.
Data Security
Chen Sea Resort & Spa Phu Quoc Vietnam takes appropriate technical and organizational measures, in accordance with applicable legal provisions, to protect your personal data against illicit or accidental destruction, accidental alteration or loss, and unauthorized access or disclosure. To this end, we have taken technical measures (such as firewalls) and organizational measures (such as a user ID/password system, means of physical protection etc.
When you submit credit card data when making a reservation Email Security Powered by HPE IBE Copyright 2016 Hewlett Packard Enterprise Development LP encryption technology is used to guarantee a secure transaction.
Storage of data
Chen Sea Resort & Spa Phu Quoc Vietnam retains your personal data only for the period necessary for the purposes set out in this document or in accordance with the provisions of applicable law.
Protection of minors
Children and adolescents with limited legal capacity are as a matter of principle not allowed to transfer any personal data to our website without prior consent of their parents or legal guardian. We will in no way knowingly collect personal data from children or adolescents with limited legal capacity, use these data in any form, or divulge these data to third parties without authorization.
Deletion of the collected data
Deletion of the collected data occurs when you revoke your agreement to the processing of such data, when the knowledge of your data will no longer be necessary for the fulfillment of the purpose that lead to the collection and processing of your data, or where the processing of your data is not permitted by law.
Access and modification
You have the right to access your personal data collected, to be informed of how we are using it, to have any of your inaccurate or incomplete data rectified, to erasure it at any time for any reason (or for no reason), to restrict a certain type of processing, to retain and reuse the data for other purposes, to object to how your data is used and to limit its use by automated decision making and profiling.
In the event of difficulty exercising your rights, please contact the Data Privacy responsible directly by sending an email to [email protected]
For the purposes of confidentiality and personal data protection, we will need to identify you in order to respond to your request. You will be asked to include a copy of an official piece of identification, such as a driver’s license or passport, along with your request.
If your personal data is inaccurate, incomplete or not up to date, please send the appropriate amendments to the Data Privacy responsible as indicated above.
All requests will receive a response as swiftly as possible and in accordance with applicable law.
Updates
We may modify this policy from time to time. Consequently, we recommend that you consult it regularly, particularly when making further reservation on our website.
Last update : December 2022
Cookies Policy
This policy explains how cookies are used on this website. The policy may be amended from time to time. All changes made to this Privacy Policy will be updated on our website. By using this site you agree to the placement of cookies on your computer in accordance with the terms of this policy. If you do not wish to accept cookies from this site please either disable cookies or refrain from using this site. What are Cookies?
A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your computer’s hard disk so that the website can recognise you when you revisit and remember certain information about you. This can include which pages you have visited, choices you have made from menus, any specific information you have entered into forms and the time and date of your visit.
Types of Cookies
There are two main types of cookies:
- Session cookies: these are temporary cookies that expire at the end of a browser session; that is, when you leave the site. Session cookies allow the website to recognise you as you navigate between pages during a single browser session and allow you to use the website most efficiently. For example, session cookies enable a website to remember that a user has placed items in an online shopping basket.
- Persistent cookies: in contrast to session cookies, persistent cookies are stored on your equipment between browsing sessions until expiry or deletion. They therefore enable the website to “recognize” you on your return, remember your preferences, and tailor services to you.
In addition to session cookies and persistent cookies, there may be other cookies which are set by the website which you have chosen to visit, such as this website, in order to provide us or third parties with information.
Our use of Cookies
We currently use, and may use in the future, cookies on our website. Cookies allow us to provide a customized experience. This is a common practice on most commercial websites.
By accessing our website, you agree that we can place cookies in your device. These cookies include domain information that is used to maintain aggregate website data and aids us to learn about the online behavior of our guests, including how often they visit our website and their click-through behavior on our website. This information is used to improve our website’s content and navigation for our guests and to personalize our guests’ online experience.
Our website may allow third parties to download cookies to your device. Third parties, including analytics firms and business partners, may use cookies and other technologies to collect non-personal data about your online activities while you are using our website.
We use session cookies to help us maintain security and verify your details whilst you use the website as you navigate from page to page, which enables you to avoid having to re-enter your details each time you enter a new page. We use persistent cookies to collect and compile anonymous, aggregated information for statistical and evaluation purposes to help us understand how users use the website and help us improve the structure of our website.
Some of our cookies may collect and store your personal information, such as your name or email address. We are committed to respecting and protecting your privacy and will ensure that all personal information collected by us is kept and treated in accordance with our privacy policy.
Refusing Cookies on this site
Most browsers are initially set to accept cookies. However, you have the ability to disable cookies if you wish, generally through changing your internet software browsing settings. It may also be possible to configure your browser settings to enable acceptance of specific cookies or to notify you each time a new cookie is about to be stored on your computer enabling you to decide whether to accept or reject the cookie.
Storage of Data
We retain your personal data only for the period necessary for the purposes set out in this document or in accordance with the provisions of applicable law.
Protection of Minors
Children and adolescents with limited legal capacity are as a matter of principle not allowed to transfer any personal data to our website without prior consent of their parents or legal guardian. Chen Sea Resort & Spa Phu Quoc Vietnam will in no way knowingly collect personal data from children or adolescents with limited legal capacity, use these data in any form, or divulge these data to third parties without authorization.
Deletion of Collected Data
Deletion of the collected data occurs when you revoke your agreement to the processing of such data, when the knowledge of your data will no longer be necessary for the fulfilment of the purpose that lead to the collection and processing of your data, or where the processing of your data is not permitted by law.
Social Networks
Our website hosts plug-ins from common social networks. If you use such a plug-in, a connection to the servers of the relevant social network will be established, and information about your visit to our website will be transferred. If you are logged in to said social network, this information can be related by the social network to your personal profile. We shall not be liable for the transfer and processing of your data by social networks. Please refer to the terms and policies of use of the relevant social networks.
Access and modification
You have the right to access your personal data collected by Chen Sea Resort & Spa Phu Quoc Vietnam and to modify it subject to applicable legal provisions.
You may also exercise your right to object by writing to the address below.
In the event of difficulty exercising your rights, please contact the Data Privacy responsible directly by sending an email to [email protected] by writing to the address at Bai Xep, Ong Lang, Cua Duong, Phu Quoc, Kien Giang, Vietnam 920000
For the purposes of confidentiality and personal data protection, we will need to identify you in order to respond to your request. You will be asked to include a copy of an official piece of identification, such as a driver’s license or passport, along with your request.
If your personal data is inaccurate, incomplete or not up to date, please send the appropriate amendments to the Data Privacy responsible as indicated above.
All requests will receive a response as swiftly as possible and in accordance with applicable law.
Updates
We may modify this policy from time to time. Consequently, we recommend that you consult it regularly, particularly when making further reservation on our website.
Last update : December 2022
Website Legal Notice
© 2017 Chen Sea Resort & Spa. All right reserved. Reproduction, adaptation, or translation without permission is prohibited except as allowed under the International copyright laws. All the text, graphics, design, content, and other works are the copyrighted works of Chen Sea Resort and Spa Phu Quoc.
Terms and Conditions of Use
Welcome to the Chen Sea Resort and Spa Phu Quoc (www.chensea-resort.com) (hereby Chen Sea)
Use of this site is governed by the Terms and Conditions set forth.
Please read these Terms and Conditions carefully before using this website. The information and materials provided by Chen Sea may be used for informational purposes only.
By using, accessing or downloading materials from this website you agree to follow the terms and provisions as outlined in this legal notice, which apply to all visits to the Chen Sea website, both now and in the future.
Chen Sea may at any time revise and update the Terms and Conditions.
You are encouraged to periodically visit this page to review the most current Terms and Conditions to which you are bound. If you do not agree to these Terms and Condition of Use, please do not use this website.
Restrictions
You may view, download and copy information and materials available on this website solely for your personal, non-commercial use. You may also use such material within your organization in connection with the support of Chen Sea’s products.
As a condition of use, you agree not to modify or revise any of the materials in any manner, and to retain all copyright and other proprietary notices as contained in the original materials on any copies of the materials.
No other use of the materials or information is authorized.
Any violation of the foregoing may result in civil and/or criminal liabilities.
Ownership of Information and Materials
The information and any materials (including white papers, press releases, data sheets, product descriptions, and FAQs) available on or form this website are the copyrighted works of Chen Sea, and any unauthorized use of that information or materials may violate copyright, trademark and other laws.
Any rights not expressly granted herein are reserved.
Trademark Information
Chen Sea’s trademarks are registered and may be used only with written permission from Chen Sea. All other trademarks, brands and names are the property of their respective owners.
Except as expressly specified in these terms and legal restrictions, nothing contained herein shall be construed as conferring by implication, estoppel or otherwise any license or right under any patent, trademark, copyright or any proprietary rights of Chen Sea or any third party.
Links to other websites
As a convenience, and to make the Chen Sea website truly service oriented we have included links to complementary sites on the Internet. These sites are owned and operated by third parties.
Chen Sea makes no representation and is not responsible for the availability of, or content located on or through these third party site. A third party link from the Chen Sea website is not an indication that Chen Sea endorses the third party or its site, or has any affiliation with or between Chen Sea and the third party hosting site.
Feedback
All comments, feedback and information or materials submitted to Chen Sea through or in association with this website shall be considered non confidential and Chen Sea’s property.
By submitting such comments, information, feedback or materials to Chen Sea, you agree to a no-signed assignment to Chen Sea of worldwide rights to use, copy, modify, display and distribute the submissions.
Chen Sea may use these comments, information or materials in any ways it chooses in an unrestricted basis.
Disclaimer
Chen Sea Internet Team strive to provide with you with useful, accurate and timely information on this website. Accordingly Chen Sea has attempted to provide accurate information and materials on this website but assumes no responsibility for the accuracy and completeness of that information or materials.
Chen Sea may change the content of nay information or materials available at this website or to the products described in them, at any time without notice.
However, Chen Sea makes no commitment to update the information or materials available at this website which, as a result, may be out of date. Information or opinion expressed in bulletin boards or other forums are not necessary those of Chen Sea.
Neither Chen Sea, nor its officers, directors, employees, agents, distributors, or affiliates are responsible or liable for any loss damage (included but not limited to, actual, consequential or punitive), liability, claim, or any injury or causes related to or resulting from any information posted on Chen Sea’s website.
Chen Sea reserves the rights to revise these terms and/or legal restrictions at any time. You are responsible for reviewing this page from time to time for ensure compliance with the then- current terms and legal restrictions because they will be binding on you. Certain provisions of these terms and legal restrictions may be superseded by expressly designated legal notices or terms located on particular pages of this website.
ALL INFORMATION AND MATERIALS AVAILABLE AT THIS WEBSITE ARE PROVIDED “AS IS” WITHOUT ANY WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, AND CHEN SEA DISCLAIMS ALL WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT OF INTELLECTUAL PROPERTY OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
IN NO EVENT SHALL CHEN SEA BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, INDIRECT, SPECIAL, CONSEQUENTIAL OR INCIDENTAL DAMAGES OR THOSE RESULTING FROM LOST PROFITS, LOST DATA OR BUSINESS INTERRUPTION) ARISING OUT OF THE USE, INABILITY TO USE, OR THE RESULTS OF USE OF THIS WEBSITE, ANY WEBSITES LINKED TO THIS WEBSITE, OR THE MATERIALS OR INFORMATION CONTAINED AT ANY OR ALL SUCH WEBSITES, WHETHER BASED ON WARRANTY, CONTRACT, TORT OR ANY OTHER LEGAL THEORY AND WHETHER OR NOT ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IF YOUR USE OF THE MATERIALS OR INFORMATION ON THIS WEBSITE RESULTS IN THE NEED FOR SERVICING, REPAIR OR CORRECTION OF EQUIPMENT OR DATA, YOU ASSUME ALL COSTS THEREOF.
Termination of Use
Chen Sea may, in its sole discretion, terminate or suspend your access to all or part of its website, including, but not limited to any bulletin boards on its site, for any reason, including without limitation, breach of this agreement.
In the event this agreement is terminated, the restrictions regarding materials appearing on the site and the representations and warranties, indemnities, and limitation of liabilities set forth in this agreement shall survive any such termination.
Governing Law, Jurisdiction and Venue
This agreement shall be governed by and construed in accordance with the laws of Hong Kong exclusive of its choice of law principles. The courts shall have exclusive jurisdiction and venue over any dispute arising out of or relating to this agreement, and each party hereby consents to the jurisdiction and venue of such courts.
General Provisions
If any provision of this agreement is deemed void, unlawful or otherwise unenforceable for any reason, that provision shall be severed from this agreement and the remaining provisions of this agreement shall remain in force.
This contains the entire agreement between you and Chen Sea concerning your use of the site, and the agreement shall not be modified, except in writing, signed by both parties. If you have questions regarding Chen Sea’s Terms and Conditions, please email to [email protected]
Last update : December 2022
Code of Conduct
1. Preface
Chen Sea Resort & Spa Phu Quoc (hereinafter referred to as Chen Sea) takes upon itself to observe its social and ethical responsibilities in every way. We are concerned about the people who are involved in our business.
It is therefore important to us that the name Chen Sea should always be associated with respect for human rights, fair working conditions and environmentally responsible business practices.
This Code of Conduct applies to all Chen Sea departments and operating fields and to all its suppliers and business partners.
2. Adherence to laws and ethical principles
Chen Sea’s suppliers and other business partners adhere to the various legal systems applicable to them. They support the principles of the UNO’s General Declaration of Human Rights and the Declaration of the International Labour Organization on Fundamental Principles and Rights at Work in accordance with national laws and conventions.
3. Corruption and bribery forbidden
Chen Sea does not tolerate any form of corruption or bribery, including any illegal offers of payment or similar benefits with the aim of influencing decision-makers. Chen Sea expects its suppliers and other business partners to adhere to international anti-corruption standards as laid down in the local anti-corruption and anti-bribery legislation.
Chen Sea’s employees do not accept any payments in kind, monetary payments, loans, non-monetary gifts (such as holidays, invitations to events or other privileges), nor any services that would provide them with a personal benefit, from suppliers, business partners and other third parties.
This rule also applies to family members of the employees and other associated persons, partners and close relatives. Promotional gifts of a low value constitute an exception. Any doubts should be discussed with the hotel General Manager.
Gifts, favours and other payments in kind may only be offered and handed over by suppliers and business partners for the benefit of Chen Sea’s business operations and business assets.
4. Observance of basic rights of employees
Anyone who works directly or indirectly for Chen Sea has a claim to the protection of their basic human rights. No employee may be discriminated against on the basis of their age, race, sex, religion, sexual orientation, marital status, parenthood, political opinion or ethnic origin.
Chen Sea rejects child labour, forced labour or the employment of illegal labour as well as any psychological or physical disciplinary measures. Chen Sea condemns any type of harassment and/or bullying. Any occurrences of this kind will result in the immediate suspension of business relations with suppliers or business partners once they become known.
Chen Sea and its business partners and suppliers adhere to the local national laws and regulations governing working hours, salaries and wages and benefits offered by employers. In particular, this means that Chen Sea complies with statutory regulations and collective wage agreements.
5. Health and safety
The health and safety of its employees and the guests constitutes the top priority for Chen Sea.
We strive for the implementation of occupational health and safety regulations at a high level, we adhere to the relevant occupational health and safety regulations and we ensure a safe working environment that is conducive to good health, serving to maintain the health of employees and guests and to avoid accidents, injuries and work-related illnesses.
6. Environmental protection
Chen Sea recognised at an early stage that the careful use of resources constitutes an important contribution to securing the future of our society.
All our premises therefore take steps to save energy, avoid unnecessary waste and protect the environment. Chen Sea expects its suppliers and business partners to adhere to the legal requirements and international standards regarding environmental protection and to all relevant environmental legislation.
7. Protection of Children against Sexual Exploitation
Chen Sea does not tolerate any form of sexual violence against or exploitation of children (child prostitution, child pornography, child trafficking etc.) in the hotel or on the premises.
In accordance with the UN Convention on the Rights of the Child, persons who have not attained the age of 18 are considered minors. Any violation of the code, which must be observed, has to be reported immediately to the local police.
8. Compliance with the payment obligation, compliance with tax law
Chen Sea is fully complied with all relevant tax and payment regulations and laws and with the best standards as set in the Payment Card Industry Data Security Standard (PCI DSS) for the credit cards payment transactions.
9. Dialogue with business partners
This Code of Conduct is a public document and is to be presented as such, so that everyone involved in compiling and marketing our services is familiar with the ethical principles set out in this document.
Our suppliers and other business partners must ensure that employees and subcontractors involved with Chen Sea know these guidelines and adhere to the rules.
10. Data Protection and Information Security
In its business operations, Chen Sea may process confidential and sensitive information or may acquire such information; in this respect Chen Sea therefore is obliged to maintain confidentiality and the safeness of the data storage.
For more details, please refers to our Personal Data Protection Policy.
Last update : December 2022
DATA PROCESSING TERMS
These terms apply and bind the Subscriber, as Controller, that either occasionally and for limited services or with a durable agreement has business with Chen Sea Resort & Spa, as Processor. All the definitions of terms used in this document are drawn from Article 4 of the European Union’s General Data Protection Regulation to which to refer.
Data Processing Terms: in the course of providing the services in the interest of the Controller, the data processor may process personal data on behalf of the Controller. The parties agree to comply with the following provisions with respect to any personal data processed.
Processing of Controller Personal Data: Processor only process Controller personal data for the purposes in the interest of the Controller. The Processor shall not process, transfer, modify, amend or alter the Controller data or disclose or permit the disclosure of the Controller data to any third party other than in accordance with Controller’s documented instructions. The Processor shall inform the Controller of that legal requirement before processing the personal data and comply with the Controller’s instructions to minimize, as much as possible, the scope of the disclosure.
Reliability and Non–Disclosure: Processor shall take reasonable steps to ensure the reliability of any employee, agent or contractor who may have access to the Controller personal data, ensuring in each case that access is strictly limited to those individuals who require access to the relevant Controller Personal Data.
The Processor must ensure that all individuals which have a duty to process controller personal data are informed of the confidential nature of the Controller Personal Data and are aware of Processor’s obligations, are subject to confidentiality undertakings, are subject to user authentication and log-in processes when accessing the Controller Personal Data.
Personal Data Security: taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Processor shall implement appropriate technical and organizational measures to ensure a level of Controller Personal Data security appropriate to the risk (i.e. pseudonymization and encryption, thee ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services, the ability to restore the availability and access to Controller Personal Data in a timely manner in the event of a physical or technical incident).
Sub-Processing: Controller hereby authorises the Processor to engage the Sub-Processors. In order to do so, the Processor shall provide the Controller with full details of the Processing to be undertaken by each Sub-processor, carry out adequate due diligence on each Sub-Processor to ensure that it can provide the level of protection for Controller Personal Data, include terms in the relationship between the Processor and each Sub-processor which are the same as those set out hereby, remain fully liable to the Controller for any failure by each Sub-Processor to fulfil its obligations in relation to the Processing of any Controller Personal Data.
Data Subject Rights: Taking into account the nature of the Processing, the Processor shall assist the Controller by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller’s obligation to respond to requests for exercising Data Subject rights as laid down in EU GDPR.
The Processor shall: 1) promptly notify the Controller if it receives a request from a Data Subject, the Supervisory Authority and/or other competent authority 2) cooperate as requested by the Controller to enable the Controller to comply with any exercise of rights by a Data and comply with any assessment, enquiry, notice or investigation 3) provide assistance as is reasonably requested by the Controller to enable the Controller to comply with the relevant request within the timescales prescribed by the Data Protection Laws 4) implement any additional technical and organisational measures as may be reasonably required by the Controller to allow the Controller to respond effectively to relevant complaints, communications or requests.
Personal Data Breach: Processor shall notify the Controller without undue delay and, in any case, within twenty-four (24) hours upon becoming aware of or reasonably suspecting a Personal Data Breach. The Processor will provide the Controller with sufficient information to allow the Controller to meet any obligations to report a Personal Data Breach (nature of the Personal Data Breach, the categories and numbers of Data Subjects concerned, and the categories and numbers of Personal Data records concerned, the name and contact details of the Processor’s Data Protection Officer, Privacy Officer or other relevant contact from whom more information may be obtained, the estimated risk and the likely consequences of the Personal Data Breach, the measures taken or proposed to be taken to address the Personal Data Breach).
Erasure or return of Controller Personal Data: Processor shall promptly and, in any event, within 90 (ninety) calendar days of the earlier of: (i) cessation of Processing of Controller Personal Data by Processor; or (ii) termination of the agreement, at the choice of Controller (such choice to be notified to Processor in writing) either: 1) return a complete copy of all Controller Personal Data to the Controller by secure file transfer and securely erase all other copies of Controller Personal Data Processed by the Processor; or 2) securely wipe all copies of Controller Personal Data Processed by Processor or any Authorised Sub-processor.
Processor may retain Controller Personal Data to the extent required by local law, and only to the extent and for such period as required by law, and always provided that Processor shall ensure the confidentiality of all such Controller Personal Data and shall ensure that such Controller Personal Data is only Processed as necessary for the purpose(s) specified in the Union or Member State law requiring its storage and for no other purpose.
Audit rights: Processor shall make available to the Controller, upon request, all information necessary to demonstrate compliance with these terms and allow for, and contribute to audits, including inspections by the Controller or another auditor mandated by the Controller of any premises where the Processing of Controller Personal Data takes place.
International Transfers of Controller Personal Data: Processor shall not process Controller Personal Data nor permit any Authorised Sub-processor to process the Controller Personal Data in a Third Country, unless authorized by Controller in advance.
General Terms: Controller shall terminate automatically upon termination of the principal agreement (if any) or expiry or termination of all service contracts entered into by the Processor, pursuant to the principal agreement (if any), whichever is later. These terms shall be governed by the governing law of Vietnam. Any breach of these terms shall constitute a material breach of the principal agreement (if any). With regard to the subject matter of these Terms in the event of inconsistencies between the provisions of this agreement and any other agreements between the parties, the provisions of these terms shall prevail with regard to the parties’ data protection obligations for Personal Data. Should any provision of these terms be invalid or unenforceable, then the remainder shall remain valid and in force.
SHARE
LOCATION
Bai Xep – Ong Lang Hamlet, Cua Duong Village, Phu Quoc District, Kien Giang Province, Vietnam.