This Personal Data Protection Policy for Customers of Vietnam Posts and Telecommunications Group and its subsidiaries (hereinafter collectively referred to as the “Policy”) is intended to notify Customers of the Customers’ Personal Data processed by Vietnam Posts and Telecommunications Group (“VNPT”) and/or by subsidiaries with 100% charter capital owned by VNPT (“VNPT Subsidiaries”), the purposes of processing, processing methods, retention period, and Customers’ rights and obligations in relation to their Personal Data in accordance with Vietnamese laws on personal data protection, etc. This Policy also provides recommendations to help Customers enhance their awareness of personal data protection.
This Policy is an integral and inseparable part of the Contracts, General Transaction Terms, and the Terms and Conditions for use of VNPT/VNPT Subsidiaries’ products and services. This Policy applies to all platforms including but not limited to: websites, interface channels, means and tools on VNPT/VNPT Subsidiaries’ websites/wapsites/applications; consultation and signing of service provision contracts at VNPT/VNPT Subsidiaries’ telecommunications service points, at the address designated by the Customer and/or at another location selected by the Customer or VNPT/VNPT Subsidiaries.
To the extent permitted by law, VNPT/VNPT Subsidiaries may revise this Policy at any time and publicly post the revised Policy on VNPT/VNPT Subsidiaries’ official information channels.
By ticking the box “I have read and accept” or “I agree to the Policy and Terms of Use of VNPT/VNPT Subsidiaries,” or by signing a contract with VNPT/VNPT Subsidiaries that refers to this Policy (and any amendments thereto), or by continuing to register, log in, use VNPT/VNPT Subsidiaries’ website/wapsite/application, or use VNPT/VNPT Subsidiaries’ products and services without any complaints regarding this Policy (and any amendments thereto), the Customer confirms that they have carefully read, fully understood, and accepted all contents of VNPT’s Personal Data Protection Policy.
Article 1. Interpretation of Terms and Abbreviations
Within the scope of this Policy, the following terms are understood and interpreted as follows:
1.1. “VNPT” means Vietnam Posts and Telecommunications Group and the units under Vietnam Posts and Telecommunications Group.
1.2. “VNPT Subsidiaries” are enterprises in which VNPT owns 100% of charter capital. VNPT Subsidiaries include Vietnam Telecom Services Corporation (VNPT VinaPhone) and Vietnam Media Corporation (VNPT Media).
1.3. “Customer” means:
- An individual or the lawful representative of an individual who uses and/or is interested in VNPT/VNPT Subsidiaries’ products and services;
- An individual or the lawful representative of an individual who has accessed and/or registered an account on websites/wapsites/applications owned by VNPT/VNPT Subsidiaries.
1.4. VNPT/VNPT Subsidiaries’ products and services mean:
- Products and services researched, developed, and provided directly to Customers by VNPT or VNPT Subsidiaries;
- Products and services provided to Customers by VNPT/VNPT Subsidiaries in cooperation with partners.
Article 2. Processing of Personal Data
1. VNPT/VNPT Subsidiaries process Personal Data in the following cases, including but not limited to:
a) When the Customer or the Customer’s lawful representative contacts VNPT/VNPT Subsidiaries to request consultation on VNPT/VNPT Subsidiaries’ products and services or expresses interest in VNPT/VNPT Subsidiaries’ products and services;
b) When the Customer enters into a contract, registers for, or uses VNPT/VNPT Subsidiaries’ products and services;
c) When the Customer accesses and/or registers an account on websites/wapsites/applications for VNPT/VNPT Subsidiaries’ products and services;
d) When the Customer gives consent to provide Personal Data to VNPT/VNPT Subsidiaries via public sources, including but not limited to: websites/wapsites/applications for VNPT/VNPT Subsidiaries’ products and services; meetings, events, seminars, conferences, social networks, or dialogue/discussion programs organized, sponsored, or attended by VNPT/VNPT Subsidiaries; and/or from cookie files recorded on VNPT/VNPT Subsidiaries’ website;
e) When a customer of an organization or enterprise allows such organization or enterprise to share the customer’s personal data with VNPT/VNPT Subsidiaries;
f) When being a customer of an organization or enterprise in which VNPT/VNPT Subsidiaries make capital contributions or purchase shares; or being a customer of an organization or enterprise that cooperates with VNPT/VNPT Subsidiaries to provide products and services;
g) Upon request of competent state authorities;
h) When VNPT/VNPT Subsidiaries carry out activities in accordance with the personal data processing purposes stipulated in Article 3 of this Policy.
2. The Customer’s Personal Data processed by VNPT/VNPT Subsidiaries (hereinafter referred to as “Personal Data”) includes but is not limited to the following information, and may vary depending on the product/service type and the Customer’s interaction method with VNPT/VNPT Subsidiaries:
2.1. Basic Personal Data
a) Surname, middle name, and given name at birth; other names (if any);
b) Date, month, year of birth; date, month, year of death or missing;
c) Gender;
d) Place of birth, place of birth registration, permanent residence, temporary residence, current residence, hometown, contact address;
e) Nationality;
f) Individual’s image;
g) Phone number; identity card/citizen ID number; personal identification number; passport number; driver’s license number; vehicle plate number; personal tax code; social insurance number; health insurance card number;
h) Marital status;
i) Information on family relationships (parents, children);
k) Information on an individual’s digital account; personal data reflecting activities and activity history in cyberspace.
2.2. Sensitive Personal Data
a) Data on crimes and criminal acts collected and stored by law enforcement authorities;
b) Customer information of credit institutions, branches of foreign banks, payment intermediary service providers, and other permitted organizations, including: customer identification information as required by law; account information; deposit information; deposited asset information; transaction information; information about organizations/individuals acting as security providers at credit institutions, bank branches, payment intermediary service providers;
c) Location data of an individual determined via location-based services;
d) Facial images and biometric data extracted from an individual’s face for the purpose of identity authentication, attendance recording, or timekeeping (Face Data). The collection, storage, use, and protection principles for Face Data are specified separately in Article 16 of this Policy.
2.3. Other Personal Data not falling under the group of Basic Personal Data and Sensitive Personal Data specified in Clause 2.1 and Clause 2.2 of this Article
a) Derived Personal Data: Telecommunications credit score expressed in points, being rating information derived from aggregation and analysis of the Customer’s telecommunications service usage data to assess, analyze, and predict habits, preferences, reliability, creditworthiness, behavior, trends, etc., and other information of the Customer, supporting the provision of VNPT/VNPT Subsidiaries’ products and services in the most appropriate and best manner;
b) Other Personal Data arising during VNPT/VNPT Subsidiaries’ provision of products and services and during the Customer’s use of products and services and interaction with the product/service provider.
2.4. VNPT/VNPT Subsidiaries will notify the Customer of Personal Data that must be provided and/or may optionally be provided at the time the Customer contacts, communicates, registers, or enters into a contract with VNPT/VNPT Subsidiaries. If mandatory Personal Data is not provided as required, the Customer will not be able to use certain VNPT/VNPT Subsidiaries’ products and services. In such case, VNPT/VNPT Subsidiaries may refuse to provide products and services to the Customer without being liable for any compensation and/or penalties.
2.5. At any time, the Customer may voluntarily provide VNPT/VNPT Subsidiaries with Personal Data beyond VNPT/VNPT Subsidiaries’ requirements. When the Customer provides Personal Data beyond VNPT/VNPT Subsidiaries’ requirements, it means the Customer permits VNPT/VNPT Subsidiaries to process the Customer’s Personal Data for the Purposes stated in this Policy or for the purposes stated at the time the Customer provides such Personal Data. In addition, when the Customer proactively provides information beyond VNPT/VNPT Subsidiaries’ requirements, the Customer is requested not to provide Sensitive Personal Data as defined by law from time to time. VNPT/VNPT Subsidiaries will not process and will not bear any legal responsibility for Sensitive Personal Data voluntarily provided by the Customer beyond VNPT/VNPT Subsidiaries’ requirements.
Article 3. Purposes of Processing Personal Data
VNPT/VNPT Subsidiaries may process the Customer’s Personal Data for one or more of the following purposes (“Purposes”):
1. Verify the accuracy and completeness of information provided by the Customer; identify or authenticate the Customer’s identity and conduct customer authentication procedures; process registration for use of VNPT/VNPT Subsidiaries’ products and services;
2. Appraise dossiers and eligibility of the Customer for using VNPT/VNPT Subsidiaries’ products and services. VNPT/VNPT Subsidiaries may use scoring methods, assign hot-charge thresholds, and review the Customer’s usage history of VNPT/VNPT Subsidiaries’ products and services to assess and manage credit risk, ensuring payment capacity for payment obligations and other related obligations throughout the provision of VNPT/VNPT Subsidiaries’ products and services to the Customer;
3. Manage and evaluate business activities, including designing, improving, and enhancing the quality of VNPT/VNPT Subsidiaries’ products and services, or conducting marketing communications; conduct market research, surveys, and data analysis related to VNPT/VNPT Subsidiaries’ products and services; research and develop new products/services and new delivery models, etc., to meet Customer needs;
4. Provide services to the Customer; contact the Customer to consult, exchange information, resolve requests/complaints, deliver invoices, statements, reports, or other documents related to VNPT/VNPT Subsidiaries’ products and services through various channels (e.g., email, chat) and to respond to Customer requests. Contact the Customer (or other necessary parties) to notify the Customer of information related to the use of VNPT/VNPT Subsidiaries’ products and services;
5. Advertising and marketing based on the Customer’s interests and service usage habits: VNPT/VNPT Subsidiaries may use Personal Data to advertise/market to the Customer about VNPT/VNPT Subsidiaries’ products and services, promotions, studies, surveys, news, updates, events, prize competitions, awarding of related prizes, and relevant advertisements and content about VNPT/VNPT Subsidiaries’ products/services or those of partners cooperating with VNPT/VNPT Subsidiaries.
If the Customer does not wish to receive emails, messages and/or periodic newsletters for VNPT/VNPT Subsidiaries’ advertising/marketing purposes (with frequency depending on VNPT/VNPT Subsidiaries’ policies from time to time and in compliance with law), the Customer may refuse in the manner guided by VNPT/VNPT Subsidiaries via channels/means such as SMS, calls, ticks on website/wapsite/application, etc., or contact VNPT/VNPT Subsidiaries’ customer care hotline;
6. Prepare financial reports, operational reports, or other related reports as required by law;
7. Comply with legal obligations under applicable law;
8. Prevent fraud or reduce threats to the life and health of others and the public interest: VNPT/VNPT Subsidiaries may use the Customer’s personal information to prevent and detect fraud and abuse to protect the Customer, VNPT/VNPT Subsidiaries, and related data subjects;
9. Internal administration;
10. Other purposes related to the purposes stated above;
11. With respect to Face Data, the processing purposes and related principles are specified separately in Article 16 of this Policy. Face Data is not used for advertising, marketing, or behavioral profiling.
Article 4. Methods of Processing Personal Data
VNPT/VNPT Subsidiaries apply one or more actions impacting Personal Data such as: collecting, recording, analyzing, verifying, storing, editing, disclosing, combining, accessing, retrieving, recalling, encrypting, decrypting, copying, sharing, transmitting, providing, transferring, deleting, destroying Personal Data, or other related actions.
Article 5. Start Time and End Time of Data Processing
1. Start time of data processing: From the time the Purposes specified in Article 3 of this Policy arise;
2. End time of data processing: VNPT/VNPT Subsidiaries terminate the processing of Personal Data once the Purposes stated in this Policy have been fulfilled, unless otherwise provided by law, or the Customer withdraws consent to the processing of Personal Data, or a competent state authority requests in writing;
Retention and deletion/anonymization mechanisms for Face Data are specified separately in Article 16 of this Policy.
Article 6. Sharing of Personal Data
By accepting this Policy, the Customer understands and agrees that VNPT/VNPT Subsidiaries may share the Customer’s Personal Data with the following organizations/individuals to fulfill the Purposes specified in this Policy, specifically:
1. VNPT; VNPT Subsidiaries; VNPT’s affiliated companies; affiliated companies of VNPT Subsidiaries;
2. Third-party service providers or partners in business cooperation agreements (with or without profit sharing): VNPT/VNPT Subsidiaries use and/or cooperate with other companies and individuals to conduct certain tasks and programs such as advertising programs, promotions for Customers, market research, analysis and product development, strategic consulting, fee collection services, etc. Such third-party service providers and/or partners may access, collect, use, and process the Customer’s Personal Data within the scope permitted by VNPT/VNPT Subsidiaries to perform their functions and must comply with personal data protection laws as a Data Processor;
3. Corporate restructuring: During business development, VNPT/VNPT Subsidiaries may sell or acquire businesses or restructure in accordance with law and business needs. In such transactions, Personal Data may be transferred and the transferee must continue to comply with this Policy;
4. VNPT/VNPT Subsidiaries are permitted to disclose Personal Data as required by law or at the request of competent state management authorities;
5. VNPT/VNPT Subsidiaries are permitted to disclose Personal Data to other telecommunications enterprises to serve tariff calculation, invoicing, and prevention of the Customer’s avoidance of contractual obligations.
6. Specific rules on sharing (or non-sharing) Face Data are provided in Article 16 of this Policy.
Article 7. Customer Rights
1. Right to be informed and Right to consent: Through this Policy, VNPT/VNPT Subsidiaries inform Customers about personal data processing activities before processing Personal Data. At the same time, the Customer has the right to agree or disagree with the terms and conditions of this Policy in the manner guided by VNPT/VNPT Subsidiaries via channels/means such as SMS, calls, ticks on website/wapsite/application, etc., or by contacting VNPT/VNPT Subsidiaries’ customer care hotline. Rights relating to Face Data consent/withdrawal are specified in Article 16;
2. Right of access and request for provision of Personal Data: The Customer has the right to access VNPT/VNPT Subsidiaries’ applications/websites/wapsites and/or contact VNPT/VNPT Subsidiaries directly to view and extract the Personal Data that the Customer has provided to VNPT/VNPT Subsidiaries for the Purposes specified in this Policy. If the Customer cannot self-access/extract or has difficulty doing so, the Customer may contact VNPT/VNPT Subsidiaries for assistance;
3. Right to rectification: The Customer has the right to rectify their Personal Data provided that such rectification does not violate the law. If the Customer cannot self-rectify or has difficulty rectifying Personal Data, the Customer may contact VNPT/VNPT Subsidiaries for assistance;
4. Right to object, restrict, and withdraw consent to data processing:
a) The Customer has the right to object to, restrict, or withdraw consent to the processing of the Customer’s Personal Data. However, objection, restriction, or withdrawal of consent in certain cases may result in VNPT/VNPT Subsidiaries being unable to provide products/services to the Customer, which means VNPT/VNPT Subsidiaries may unilaterally terminate the contract without compensating the Customer due to changes in conditions for contract performance. Therefore, VNPT/VNPT Subsidiaries recommend that the Customer carefully consider before objecting, restricting, or withdrawing consent.
b) If the Customer wishes to restrict receiving marketing/advertising/promotional content from VNPT/VNPT Subsidiaries and withdraw previous consent (if any) and/or object to continued use of their personal information for the purpose in Clause 5, Article 3 of this Policy, the Customer should follow VNPT/VNPT Subsidiaries’ instructions at the time VNPT/VNPT Subsidiaries collect Personal Data or contact VNPT/VNPT Subsidiaries via the contact information provided in this Policy. If the Customer does not wish to receive notifications from VNPT/VNPT Subsidiaries’ application, please adjust notification settings in the application or on the device.
5. Right to deletion of Personal Data: The Customer has the right to request VNPT/VNPT Subsidiaries to delete the Customer’s Personal Data provided the request complies with the law. However, deletion requests in certain cases may result in VNPT/VNPT Subsidiaries being unable to provide products/services to the Customer, which means VNPT/VNPT Subsidiaries may unilaterally terminate the contract without compensating the Customer due to changes in conditions for contract performance. Therefore, VNPT/VNPT Subsidiaries recommend that the Customer carefully consider before requesting deletion.
6. Right to complaint, denunciation, and lawsuit: The Customer has the right to complain, denounce, or initiate legal proceedings in accordance with law.
7. Right to claim damages: (i) There is an act violating personal data protection laws by VNPT/VNPT Subsidiaries; (ii) such violation causes actual damages to the Customer; and (iii) the Customer has fully performed obligations to protect their Personal Data in accordance with law, this Policy, and other agreements between VNPT/VNPT Subsidiaries and the Customer.
8. Right to self-protection: The Customer has the right to self-protection under the Civil Code, other relevant laws, and Decree No. 13/2023/ND-CP on personal data protection (and amendments thereto), or request competent authorities/organizations to apply civil rights protection measures under Article 11 of the Civil Code.
Article 8. Customer Obligations
The Customer is responsible for protecting their Personal Data as follows:
1. Proactively implement measures to protect, manage, and safely use their accounts and mobile devices (including but not limited to smartphones, computers, tablets, laptops, etc.) by logging out after use, setting strong and hard-to-guess passwords, and keeping login credentials and passwords confidential. These measures help prevent unauthorized access to the Customer’s account. VNPT is exempt from liability for the Customer’s damages in case the Customer’s password is disclosed/lost/stolen leading to unauthorized access; or any activity on the Customer’s account conducted on a lost/misplaced device resulting in unauthorized persons using services; or VNPT’s system is illegally compromised by a third party despite VNPT having fully implemented system protection measures;
2. The Customer is responsible for updating themselves on documents revising this Policy (if any) via VNPT/VNPT Subsidiaries’ official information channels;
3. After accepting all terms and conditions of this Policy, the Customer is responsible for providing full and accurate Personal Data as required by VNPT/VNPT Subsidiaries and for notifying VNPT/VNPT Subsidiaries immediately upon discovering any violations of personal data protection regulations. The Customer may proactively provide Personal Data beyond VNPT/VNPT Subsidiaries’ requirements provided the Customer complies with Clause 2.5, Article 2 of this Policy;
4. The Customer is responsible for respecting other data subjects’ Personal Data and complying with personal data protection laws, and participating in prevention and combat of violations of personal data protection regulations.
Article 9. Storage of Personal Data
1. Customers’ Personal Data stored by VNPT/VNPT Subsidiaries will be kept confidential. Within its capacity, VNPT/VNPT Subsidiaries will endeavor to apply reasonable measures to protect Customers’ Personal Data;
2. Location of Personal Data storage: To the extent permitted by law, VNPT/VNPT Subsidiaries may store Customers’ Personal Data in Vietnam and abroad, including on cloud storage solutions. VNPT/VNPT Subsidiaries apply data security standards in accordance with applicable laws;
3. Retention period of Personal Data: VNPT/VNPT Subsidiaries only store Customers’ Personal Data for the necessary and reasonable period to fulfill the Purposes specified in this Policy. However, if applicable law provides otherwise regarding retention periods, VNPT/VNPT Subsidiaries must comply with such legal requirements.
Article 10. Obligations of VNPT/VNPT Subsidiaries
1. Customers’ Personal Data is committed to be kept confidential in accordance with law and VNPT/VNPT Subsidiaries’ Personal Data Protection Policy.
2. VNPT/VNPT Subsidiaries strive to ensure Customers’ Personal Data is protected against violations of personal data protection regulations. VNPT/VNPT Subsidiaries maintain confidentiality commitments by applying physical, electronic, and managerial measures to protect Personal Data, including:
a) VNPT’s official website servers and information systems containing VNPT’s Personal Data are protected by security measures/technologies such as firewalls, encryption, intrusion prevention, etc.; and VNPT issues human control measures, establishes inspection, assessment, and review processes to prevent violations of personal data protection regulations.
Article 11. Possible Unintended Consequences and Damages
1. VNPT/VNPT Subsidiaries use various information security measures and technologies to protect Customers’ Personal Data from unintended use or sharing. VNPT/VNPT Subsidiaries commit to maximum confidentiality of Customers’ Personal Data. Some unintended consequences and damages may occur, including but not limited to:
a) Hardware/software errors during processing causing unintended impact (error, damage, loss, etc.) to Customers’ Personal Data;
b) Security vulnerabilities beyond VNPT/VNPT Subsidiaries’ control; systems being attacked by hackers leading to leakage of Customers’ Personal Data;
c) Customers themselves causing leakage of their Personal Data due to: carelessness or being scammed; accessing websites/downloading applications containing malware; unauthorized sharing of information with others, etc.
2. VNPT/VNPT Subsidiaries recommend that Customers strictly fulfill their responsibilities to protect Personal Data as specified in Article 8 of this Policy and as required by law.
3. If storage servers are attacked by hackers resulting in loss of Customers’ Personal Data, VNPT/VNPT Subsidiaries are responsible for notifying competent authorities for timely investigation and handling and informing Customers.
Article 12. Use of Cookies
1. Cookies may be used on VNPT/VNPT Subsidiaries’ website. “Cookies” are small text files stored on the Customer’s computer hard drive to help personalize the user’s website experience. VNPT/VNPT Subsidiaries use cookies to facilitate website navigation and ease login. Website statistics on VNPT/VNPT Subsidiaries’ website may be processed by third parties; accordingly, the Customer’s IP address when accessing the website may be transferred to third parties solely for statistical reporting purposes.
2. When collecting information via VNPT/VNPT Subsidiaries’ website, VNPT/VNPT Subsidiaries automatically collect non-personal, non-identifiable information related to website use, including but not limited to: the IP address of the Customer’s personal computer, the IP address of the Internet service provider, date/time of website access, operating system, pages visited on the website, content downloaded from the website, and the website address that directly referred the Customer to VNPT/VNPT Subsidiaries’ website. VNPT/VNPT Subsidiaries may use such information for statistical reports on website traffic and website usage behavior.
3. If the Customer does not wish to allow cookies, the Customer may refuse by changing privacy settings in the web browser. Refusing cookies generally does not affect website navigation. However, some website functions may be affected. After finishing website access, the Customer may still delete cookies from the system if desired.
Article 13. Internet Advertising and Third Parties
VNPT/VNPT Subsidiaries’ websites/wapsites/applications may include third-party advertisements and links to other websites/wapsites/applications. Third-party advertising partners may collect information about the Customer when the Customer interacts with their content, advertisements, or services. Any access and use of third-party links or websites are not governed by this Policy, but by those third parties’ privacy policies. VNPT/VNPT Subsidiaries are not responsible for third parties’ information practices.
Article 14. Processing of Personal Data Without Data Subject’s Consent
VNPT/VNPT Subsidiaries may process Personal Data without the data subject’s consent in the following cases:
1. In an emergency where immediate processing of relevant Personal Data is necessary to protect the life and health of the data subject or others;
2. Disclosure of Personal Data as required by law;
3. Processing by competent state authorities in cases of emergency relating to national defense, national security, social order and safety, major disasters, dangerous epidemics; where there is a threat to national security/defense but not to the extent of declaring a state of emergency; prevention and combat of riots, terrorism, crime, and legal violations as provided by law;
4. To fulfill contractual obligations of the data subject with related agencies, organizations, or individuals as provided by law;
5. Serving the activities of state authorities as stipulated by specialized laws.
Article 15. Contact Information
If the Customer has any questions about this Policy or wishes to exercise Customer rights relating to Personal Data, please contact VNPT/VNPT Subsidiaries via the following methods and information:
1. Contact the hotline as provided on VNPT/VNPT Subsidiaries’ official websites/wapsites/applications from time to time.
2. Send official correspondence to the following addresses:
a) Vietnam Telecom Services Corporation (VNPT VinaPhone): VinaPhone Building, Xuan Tao Street, Xuan La Ward, Tay Ho District, Hanoi.
b) Vietnam Media Corporation (VNPT Media): VNPT Building, 57 Huynh Thuc Khang, Lang Ha Ward, Dong Da District, Hanoi.
c) VNPT Information Technology Company (VNPT IT): VNPT Building, 57 Huynh Thuc Khang, Lang Ha Ward, Dong Da District, Hanoi.
3. Contact directly at VNPT/VNPT Subsidiaries’ transaction points nationwide.
4. Other contact methods such as Livechat, official fanpages of VNPT/VNPT Subsidiaries, and customer care email provided to Customers at all times.
Article 16. Face Data Policy
To ensure the highest security standards and strictly protect Customer privacy, VNPT/VNPT's Subsidiaries establish the following specific principles regarding Face Data:
1. Reasons for storing Face Data: VNPT/VNPT's Subsidiaries collect and store Face Data strictly and solely for the purpose of verifying the Customer's identity and facilitating the attendance and timekeeping features within our internal system.
2. Length of time Face Data is stored and the rationale: Customer Face Data is absolutely not stored indefinitely. This data is strictly retained only for as long as the Customer's account remains active. This specific retention period is required to ensure the continuous operation of the Customer's daily authentication and attendance processes.
3. Commitment to data deletion: Immediately upon the Customer's request to delete their account, or upon the termination of the service, all associated Face Data will be automatically, permanently, and irreversibly deleted from the servers of VNPT/VNPT's Subsidiaries within a maximum of thirty (30) days.
4. Third-party sharing and storage: VNPT/VNPT's Subsidiaries absolutely do not share, provide, transfer, or sell Customer Face Data to any third parties for any reason. Since there is no sharing of Face Data, no third parties are permitted to access or store the Customer's Face Data. This data is securely encrypted and stored exclusively on server systems under the sole control of VNPT/VNPT's Subsidiaries.