1. This Policy regulates the manner in which MPT processes the personal data of customers who interact with the electronic information page and/or use the products/services of MPT.

2.1. ‘MPT’ refers to Minh Phuc Company Limited (MP Transformation).

2.2. A ‘Customer’ is an individual who approaches, learns about, registers for, uses, or is involved in the operational process of providing MPT’s products/services.

2.3. ‘Personal Data’ or ‘PD’ means information in the form of symbols, writing, numbers, images, sounds, or similar forms in an electronic environment, associated with or identifying a specific individual. Personal data includes both basic personal data and sensitive personal data.

Basic Personal Data includes:

a) Surname, middle name, and given name at birth, other names (if any);

b) Date, month, and year of birth; date, month, and year of death or disappearance;

c) Gender;

d) Place of birth, place of birth registration, permanent residence, temporary residence, current residence, hometown, contact address;

e) Nationality;

f) Individual’s image;

g) Telephone number, identity card number, personal identification number, passport number, driver’s license number, vehicle registration number, personal tax identification number, social insurance number, health insurance card number;

h) Marital status;

i) Information about family relationships (parents, children);

k) Information about an individual’s account number; personal data reflecting online activities and history;

l) Other information associated with or identifying a specific individual not covered in clause 4 of this Article.

Sensitive Personal Data includes data associated with an individual’s privacy, which, if violated, directly affects the individual’s rights and legitimate interests, including:

a) Political views, religious beliefs;

b) Health status and private life recorded in medical records, excluding blood group information;

c) Information related to racial or ethnic origin;

d) Information about an individual’s inherited or acquired genetic characteristics;

đ) Information about an individual’s physical attributes, unique biological characteristics;

e) Information about an individual’s sexual life, sexual orientation;

g) Criminal data, criminal behavior collected and stored by law enforcement agencies;

h) Customer information of credit institutions, foreign bank branches, intermediary payment service providers, and other authorized organizations, including: customer identification information as prescribed by law, account information, deposit information, asset deposit information, transaction information, information about organizations, individuals as guarantors at credit institutions, bank branches, intermediary payment service providers;

i) Data about an individual’s location determined through location services;

k) Other personal data specified by law as unique and requiring necessary security measures.

2.6. Protecting personal data involves activities to prevent, detect, stop, and handle violations related to personal data as prescribed by law.

2.7. Processing personal data includes one or more activities impacting personal data, such as: collecting, recording, analyzing, verifying, storing, editing, disclosing, combining, accessing, retrieving, recovering, encrypting, decrypting, copying, sharing, transmitting, providing, transferring, deleting, destroying personal data, or other related actions.

2.8. A ‘Third Party’ is an organization or individual other than MPT that participates in the process of personal data processing.

2.9. MPT’s communication channels include: the websites mpt.com.vn; mpfamily.vn; Fanpage, Youtube, Zalo, Linkedin, and other channels under the company’s management.

3.1. Customers agree to allow MPT to process their PD for one or more of the following purposes:

a) Verify identity and manage customer information;

b) Contact for consultation, provide information about products, services, or customer care and support during usage;

d) Market analysis and research;

e) Research and development of new products and services;

h) Compliance with requests from competent state authorities;

i) Any other purposes for the company’s operations permitted by law;

k) Provide information to the group – MPGROUP Joint Stock Company and its member companies to carry out the above purposes, and these entities are also bound by the confidentiality terms like those in this document;

3.2. Beyond the purposes mentioned above, MPT will request the customer’s permission at the time of data collection or before starting processing, or as otherwise permitted by law.

4.1. The basic personal data and sensitive personal data of customers and related individuals are permitted by law.

4.2. Data related to electronic information pages or technology applications: technical data (including device type, operating system, browser type, browser settings, IP address, language settings, date and time of connection to the electronic information page, application usage statistics, application settings, date and time of connection to the application, location data, and other technical contact information); security login details; usage data.

4.3. Marketing data: interests in advertising; cookie data; clickstream data; web browsing history; responses to direct marketing; and the choice to opt-out of direct marketing.

5.1. Security Principles:

a) MPT establishes policy regulations to ensure information safety and protect PD in accordance with current legal provisions;

b) MPT shall not use, transfer, provide, or share any PD of the Customer to any third party without the Customer’s consent, except for the parties mentioned in this policy;

5.2. Data Storage: MPT may need to store the Customer’s PD for a period necessary to fulfill the purposes stated in Article 3 of this policy and as required by current law.

5.3. Potential consequences and damages that may occur include, but are not limited to:

a) Hardware or software errors during data processing that result in the loss of Customer’s data;

b) Security vulnerabilities beyond MPT’s control, such as system attacks by hackers leading to data breaches;

c) Customers inadvertently causing data breaches due to: carelessness or being deceived into accessing websites, downloading applications containing malicious software.

6.1. Directly from the Customer:

a) When the Customer submits a registration request or fills in information on any form related to MPT’s products and services, or MPT’s partners;

b) When the Customer interacts with MPT’s sales representatives and customer service staff through calls, correspondence, face-to-face meetings, emails, or social media channels;

c) When the Customer uses certain services of MPT that include setting up online accounts on MPT’s service applications;

d) When the Customer sends their personal information to the Company for any other reason;

e) When the Customer purchases or uses third-party services through MPT;

6.2. From other third parties:

a) MPT may receive the Customer’s personal information from state regulatory agencies or relevant third parties, in accordance with that third party’s privacy policy.

7. MPT employs one or more activities impacting PD such as: collecting, recording, analyzing, verifying, storing, editing, disclosing, combining, accessing, retrieving, recovering, encrypting, decrypting, copying, sharing, transmitting, providing, transferring, deleting, destroying PD, or other related actions.

8. MPT will carry out the sharing and joint processing of PD with the following organizations and individuals:

a) Member companies within the MPGROUP ecosystem

b) Contractors, agents, partners, suppliers, customers of MPT

c) MPT’s advisory experts in accordance with legal regulations

d) Courts, competent state authorities in accordance with legal provisions and/or when requested.

9.1. Customer Rights

Unless otherwise provided by law, Customers have the following rights:

a) The right to provide, access, edit, delete personal data, withdraw consent to the processing of personal data, and restrict or object to the processing of their personal data;

b) Requests for changes to their personal data should be sent in writing to MPT.

c) Other rights as stipulated by current legislation.

9.2. Customer Obligations

a) To protect their personal data; to promptly notify MPT upon discovering any errors, misunderstandings about their PD, or suspicions that their PD is being compromised;

b) To provide complete, honest, and accurate information as required when registering/signing cooperation agreements and using MPT services, and when there are changes to this information. If the Customer fails to notify, or notifies incompletely, untimely, or inaccurately, MPT will not bear any related responsibility, including but not limited to: material damages, image, reputation of the Customer.

c) To respect and protect the personal data of others.

d) Other obligations as prescribed by law.

10. In case Customers have any questions related to this policy or issues concerning the rights of data subjects, Customers may use the following contact methods:

(1) Send a letter to the Company at the address: 10th floor, Sudico Building, Me Tri Street, My Dinh 1 Ward, Nam Tu Liem District, Hanoi.

(2) Send an email to the electronic mailbox: info@mpt.com.vn

(3) Company Hotline: 1900585853