Phiên bản tiếng Việt: LINK
Your privacy is of utmost importance to Riviera Point LLC (“we”, “our” and “us”).
Sections 3 to 15 of this Policy describe how we process your personal data, regardless of how the personal data is collected and where you reside. In particular, this Policy outlines our adopted personal data protection practices in connection with the operation of our website(s) and mobile application(s), and/or the provision of our services to you or the organisation that you represent.
In addition, if you are a resident of the EU or the UK, there is a Section of this Policy titled 'Additional information for EU/UK residents' that also applies to our processing of your personal data. In the event of any inconsistency between Sections 3 to 15 of this Policy and this additional Section, the additional Section shall prevail.
For this Policy:
“Group” refers to our affiliates and subsidiaries (the “Relevant Entities”), our parent company and its Relevant Entities, our ultimate parent and its Relevant Entities;
“personal data” refers to information in the form of symbols, scripts, numbers, images, sounds or any other similar form in the electronic environment, which is about a particular individual or facilitates the identification of a particular individual. Personal data includes "basic personal data" and "sensitive personal data";
“process”, “processed” and “processing” refers to one or more actions that affect personal data, such as: collecting, recording, analyzing, confirming, storing, modifying, publishing, combining, accessing, retrieving, withdrawing, encrypting, decrypting, copying, sharing, transmitting, supplying, transferring, deleting, destroying personal data or other related actions; and
“Platforms” refers to our customer interface touchpoints (such as manned customer service counters or self-help automated kiosks), social media sites, websites, mobile applications, membership programs and domains or other platforms related to us and our affiliates’ programs.
3. What Personal Data We Collect
We may collect the personal data which is reasonably necessary for the relevant purposes listed under Section 5 of this Policy. Examples of the collected and processed personal data may include but are not limited to the following:
• Personal information such as name, date of birth, gender, national registration identification or passport number, photos, video or voice recordings;
• Contact details such as mailing addresses, email addresses, and telephone numbers;
• Membership details and preferences;
• Payment-related details and information (which are considered sensitive personal data under Decree 13); and
• Other information provided via forms, face-to-face communication, phone, email, online, use of our website or app, or otherwise.
Some of the personal data that we collect may be sensitive in nature, but we collect sensitive personal data only with your consent and/or in strict compliance with the applicable laws.
4. Methods of Collection.
Personal data may be collected from you in the following ways:
• when you disclose personal data to us or submit forms, including by registering for an account, on our website(s), mobile application(s), an online portal, email, physical collection or other methods;
• when you (or any person authorised by you) correspond(s) with our employees, sub-contractors (including any delivery personnel), customer service or marketing representatives via telephone, letter, email, face-to-face meeting etc.;
• when you subscribe to our mailing lists or otherwise register your interest in any specific products or services;
• when you respond to our promotions;
• when you are referred to us by our business partners, corporate customers and other third parties;
• when we obtain it from other entities within the Group;
• when we lawfully seek information from third parties about you in connection with the products and services you have applied for;
• during recordings of calls when telephone contact is made (for example, via customer service hotlines) which may be recorded for training, quality control, business and/or other lawful purposes;
• during CCTV recordings when a person visits our outlets and our premises;
• when you generate data or link data to your account, e.g., account synchronization, sign-up authentication etc.;
• automatically, when you visit our websites and other websites which we own or manage, using technologies such as cookies (either by us or a third party), contract with us or with any third parties via our websites, or download and/or use any of our application programs and/or software; and
• when you (or any person authorised by you) provide us with personal data for any other reason.
The purposes for which we and/or our service providers may collect, use, disclose, process, manage and/or transfer your personal data are as follows:
• to provide services to you and to fulfil and comply with our obligations under our contract/agreement;
• to perform the transaction contemplated in our contract/agreement (including without limitation sale and purchase, and transfer of ownership/title, of units in our projects, and provision of related services and privileges to you);
• to facilitate the set-up, operation, maintenance and/or administration of any account opened by or in your name with us, and provide related services and support (including for billing purposes or to process orders and applications for such services);
• to maintain, test and/or operate any system or platform required for the provision of any of our services, or in connection with the website(s) or mobile application(s) to be furnished by us or any third-party service provider designated by us;
• to facilitate interconnection and inter-operability between/among third-party service providers designated by us in connection with the services provided by such service providers;
• to assess, process, respond or otherwise deal with your enquiries, requests, feedback, questions, instructions or complaints, and perform other customer-care activities;
• to verify your identity and/or your related persons (including without limitation founders, key shareholders, legal and authorized representatives, board members, directors, spouse, parents, children), and process orders and applications for services;
• to carry out credit checks for the preparation of credit reports and/or for the evaluation of creditworthiness;
• to market, promote (including an offer to sell any other products or services), improve and/or expand enhance the provision of services to you by us or any of our affiliates, partners, contractors or third-party service providers;
• to share with selected related entities, affiliates and business partners (including entities within the Group) to enable them to conduct market research, planning, customer surveys, trend analyses and/or other related forms of data analytics to better tailor offers, promotions and/or other direct marketing to you;
• to provide complementary or value-added services;
• to offer and administer customer loyalty benefits, reward benefits, promotional benefits, contests, lucky draws and other related benefits;
• to conduct market research, planning, customer surveys, trend analyses and/or other related forms of data analytics;
• to keep you informed of services and products provided or offered by us or any of our related entities, affiliates and partners;
• to conduct training and/or improve our service quality and/or marketing and advertising strategies;
• to improve your user experience and/or products and services provided by us to you;
• to establish, enhance and/or improve payment systems, including the interface or interaction of such payment systems with the payment systems of other financial institutions, merchants and/or payment organisations;
• to seek professional advice, including legal advice, or enforce your obligations and our rights, including without limitation the collection of amounts owed by you or by any other person, or defending our rights and benefits and/or any of our related entities, partners, contractors or third-party service providers;
• to conduct investigations or take action in relation to bad debts, crime and fraud prevention, detection or prosecution, risk management, violation of terms and conditions for services provided by us or prevent any individual from harm, illegal or unlawful activities;
• to perform and comply with internal/external audits or for other compliance purposes;
• to comply with regulatory, compliance, or legal obligations and/or requirements; and
• for any other purposes (A) permitted or required by the applicable laws, industry codes or market rules, (B) necessary, ancillary or consequential to the above-specified purposes or (C) desirable or necessary for the performance of services under our contract/agreement.
6. Disclosure of your Personal Data
• entities within the Group;
• external service providers, contractors and third parties, to provide services to you;
• our business partners and vendors to deliver products and services, including but not limited to courier services companies and other entities within the delivery chain;
• banks, credit card companies, payment vendors and other entities within the payment processing chain to process payment;
• debt collection agencies;
• credit information companies and credit bureaus;
• government bodies, including any ministry, department, agency (including law enforcement agencies), or organ of state, judicial or quasi-judicial body or disciplinary, arbitral or mediatory body, or any other statutory body;
• our advisors, including auditors, accountants and lawyers;
• any data intermediaries;
• any other party to whom you authorise us to disclose personal data; and
• the prospective seller or buyer of our business or assets in the event that we sell or buy any business assets.
7. Transfer of your Personal Data
In general, your personal data will be stored in Vietnam. We may, in the course of providing services to you, disclose, transfer, store, process and/or deal with your personal data outside of Vietnam. In doing so, we will comply with all applicable data protection and privacy laws and take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under Decree 13 (as amended from time to time), such as requiring the recipient to ensure that personal data disclosed to them is kept confidential and secure.
For residents in the EU or UK, see the 'Additional Information for EU/UK Residents' Section below for further information on transfers.
Unless the applicable laws or regulations allow otherwise, we will notify and obtain your express written consent for our processing of your Personal Data by methods or means such as signing a form or checking a box.
When you do so, you represent that:
• you are over 16 years of age and your consent, once given, is valid;
• you have read and understood and agree with your rights and obligations under this Policy; and
• where you provide information about another individual (e.g., an employee or child), (A) such individual has been notified of this Policy and other necessary information regarding the processing and (B) you are able to and do give valid consent on behalf of such person.
Regarding the processing of personal data of minors, we always respect and protect the personal data of minors. In case we collect personal data of children under the age of 16, the processing will be for the best interest and benefits of the children and subject to the consent of their parents or guardians. In case the children are 7 or older, we will also obtain the consent of such children. Unless otherwise provided by law, the processing of their personal data will be stopped and their personal data will be deleted if (A) the processing is not in accordance with the consented purposes or the processing is complete for the consented purposes, (B) the consent is withdrawn or (c) so required by the authority.
9. Your Rights.
a) Rights to Know
We will only collect, use, process and disclose your personal data to the extent authorized or required by the personal data protection or data privacy laws and legislation applicable to you.
b) Rights to Consent
You have the rights to give consent to the processing of your personal data, except in cases where consent exemption is provided by applicable law.
c) Rights to Withdraw Consent
You may subsequently withdraw your consent to our collection, use or disclosure of your personal data. However, should you choose to do so, we may not be able to provide you with our services, or perform any contract we may have with you. Accordingly, we may, insofar as such consent is integral to the provision of the services to you, cease to provide such services to you and will have the rights to terminate any contract of service with you at our discretion, without liability to you.
Notwithstanding any withdrawal of consent, unless otherwise agreed by us and/or the Group (where relevant), you will still be bound by any contract of service with us and/or the Group (where relevant), and should you choose to terminate the relevant contract(s), early termination and other charges, liquidated damages or contractual consequences may apply in accordance with the relevant contract(s) or at law, and we and/or the Group reserves its rights thereof.
Please contact our Data Protection Officer by email (Section 15) to request for withdrawal.
Subject to the applicable laws, we shall process your withdrawal request within a reasonable time (depending on the complexity of the request and its impact on our relationship), but in any event, no later than ten (10) business days of receiving your request.
d) Rights to Access, Update and Correct
You can access, update and correct your personal data anytime by accessing your account registered with us through the website or mobile application, if applicable. If you do not have an account with us, you may contact us at the contact in Section 15. We will respond to your update and/or correct request as soon as reasonably possible, but in any event no later than ten (10) business days of receiving such update and/or correction request.
Subject to the applicable law, we will respond to your requests within a reasonable time (and in any event no later than within thirty (30) days of receiving such request. We may charge a fee for processing your request. Such a fee would depend on the nature and complexity of your request.
If you are a resident in the EU or UK, see the 'Additional Information for EU/UK Residents' Section below for information on access, update and correction requests under the GDPR/UK GDPR.
e) Rights to Request for the Provision of Your Personal Data
You have the rights to request us to provide your personal data unless otherwise provided for by law.
f) Rights to Object or Restrict the Processing
You have the rights to object to us or obtain restrictions on the processing of your personal data unless otherwise provided for by law. We will comply with your request within 72 hours after receiving your request unless otherwise provided for by law.
g) Rights to File Complaints, Denunciations, And Lawsuits
You have the rights to file complaints, denunciations and lawsuits as provided by law.
h) Rights to Claim Damages
You have the rights to claim damage as provided by law when there are violations against regulations on the protection of your personal data unless otherwise agreed by parties or provided by law.
i) Rights to Self-Protection
You have the rights to self-protection according to regulations of the Civil Code, other relevant laws and Decree 13, or the request of the competent agencies and organizations to implement civil rights protection measures according to the Civil Code.
j) Other rights
In addition to the above rights, you have other rights and remedies provided by law or any other agreements between you and us.
10. Your Obligations
You have the following obligations: (A) obligation to protect or request others to protect personal data, (B) obligation to respect and protect the personal data of others, (C) obligation to provide complete and accurate data, (D) obligation to implement the regulations on personal data protection and (C) all other obligations provided by law or any other agreements between you and us.
In addition, you must ensure that all personal data submitted to us is accurate, up-to-date and not misleading. Any submission of false or incorrect information may result in our failure to deliver the products and services you seek. We reserve the rights to request for documentation to verify the information provided by you.
We encourage you to inform us when there are any changes to the personal data which you have provided to us, to ensure that we have the most current, accurate and complete information. Upon request by you, we may correct or complete any personal data found to be inaccurate or incomplete as soon as practicable.
When you visit our website(s) and/or mobile application(s), our servers will automatically record the information that is sent whenever you visit a website or mobile application. This data may include: (A) your computer’s IP address; (B) your browser type; (C) the webpage you were visiting before you visited the relevant website; (D) the pages within the website or mobile application which you visit; and/or (E) the time spent on such pages, item and information searched for in the website or mobile application, access time and dates, and other statistics.
A cookie does not give us access to your computer. Most internet browsers automatically accept cookies, but you can usually modify your browser settings according to your preference. If you choose not to accept cookies, you may not be able to experience all of the features of our website(s) and mobile application(s).
12. Other Websites
Our website(s) and mobile application(s) may contain links to other websites which are owned or operated by third parties, and which are not under our control. We are not responsible for the content on any such website, or the consequences of accessing or using any such website (including the protection and privacy of any information which you provide whilst visiting such sites) and such sites are not governed by this Policy.
You agree that your access to or use of such websites is entirely at your own risk. When visiting these third-party websites, you should read their privacy policies which will apply to your use of the websites.
13. Personal Data Retention
We will retain personal data for as long as it is necessary to fulfil the purpose for which it was collected, our legal or business purposes, or as required by relevant laws. To ensure that any contractual disputes can be addressed, we will usually keep your personal data for up to seven (7) years, as amended from time to time. We will delete your personal data when (A) you withdraw your consent, object or request the deletion, (B) your personal data is not processed in accordance with the consented purposes, (C) the deletion is required by law, (D) we have completed the processing for the consented purposes, (E) the recording of personal data is no longer necessary or (F) our business no longer operates.
If you opt-out or withdraw your consent to marketing, we will remove you from our marketing database.
14. Policy Updates
We will update this Policy from time to time, and the updated versions will be posted on our website and/or mobile application; and date stamped so that you are aware of when the Policy was last updated. Please check back frequently to see any updates or changes to this Policy.
If we make any material changes to this Policy, we will provide a notice, for example, by way of a banner on our website. Subject to applicable laws, the English version of this Policy will prevail over any version of this Policy in another language.
15. Contact Details and Data Protection Officer
If you have any enquiries, comments or suggestions about how we collect, use or disclose your personal data or this Policy, or would like to receive information about your personal data which we retain, please contact our Data Protection Officer by email at email@example.com
Additional Information for EU/UK Residents
I. Basis for handling personal information. We need to ensure that there is a legal basis under the GDPR/UK GDPR (as applicable) to justify our processing of your personal information. There are a number of different ways that we are lawfully able to process your personal information. We will only process your personal data if and to the extent that at least one of the following legal bases apply. We have set these out below with reference to each of the purposes set out under Section 5 (Purposes) above. Most commonly we will use your personal data in the following circumstances:
• Where you have consented before the processing.
• Where we need to perform a contract we are about to enter or have entered with you.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal or regulatory obligation.
Consent means processing your personal data where you have signified your agreement by a statement or clear opt-in to processing for a specific purpose.
Performance of contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Legitimate Interest means the interest of our business in conducting and managing our business and generating revenue to enable us to give you the best service and to grow and develop our business and our service offerings. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
See the table below to find out more about the types of legal basis that we will rely on to process your personal data. Section 3 above sets out the detail of the types of personal data we collect and process for these purposes.
II. Transfer of Personal Data Overseas. As indicated in Section 7 (Transfer of Personal Data Overseas) above, your personal data will be stored in a country outside of the EU/UK (as applicable) and Vietnam. In any event where your personal data is stored in a country outside of the EU/UK, and in this case including with reference to onward transfers within Vietnam or to entities outside of Vietnam, where the country or territory in question does not maintain adequate data protection standards, we will take all reasonable steps to ensure that any such transfers are undertaken in accordance with applicable data protection and privacy laws and that your data is treated securely and in accordance with this Policy.
However, please note that where personal data is stored in another country, it may be accessible to law enforcement agencies in accordance with domestic laws.
III. Your Rights. You have various rights in relation to the data which we hold about you as described below.
To get in touch with us about any of your rights under applicable data protection laws, please use the contact details set out above. We will seek to deal with your request without undue delay, and in any event within any time limits provided for in applicable data protection law (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.
a) Right to object
This right enables you to object to us processing your personal data where we do so for one of the following reasons:
• because it is in our legitimate interests to do so;
• to enable us to perform a task in the public interest or exercise official authority;
• to send you direct marketing materials; or
• for scientific, historical, research, or statistical purposes.
b) Right to withdraw consent
If we obtain your consent to process your personal data for any activities, you may withdraw this consent at any time and we will cease to use your data for that purpose unless we consider that there is an alternative legal basis to justify our continued processing of your data for this purpose, in which case we will inform you of this condition. You can withdraw your consent by using the contact details provided at Section 14 (Contact Details and DPO) above. Please note that if you withdraw your consent, this does not impact the lawfulness of our processing on the basis of consent before the consent was withdrawn.
c) Right to access a copy of your data
You may ask us for confirmation of the processing of your personal data, or a copy of the information we hold about you at any time, and request us to modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.
d) Right to erasure
You have the right to request that we "erase" your personal data in certain circumstances. Normally, this right exists where:
• the data are no longer necessary;
• you have withdrawn your consent to us using your data, and there is no other valid reason for us to continue;
• the data has been processed unlawfully;
• it is necessary for the data to be erased in order for us to comply with our obligations under law; or
• you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.
We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so. When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.
e) Right to restrict processing
You have the right to request that we restrict our processing of your personal data in certain circumstances, for example if you dispute the accuracy of the personal data that we hold about you or you object to our processing of your personal data for our legitimate interests. If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.
f) Right to rectification
You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
g) Right of data portability
If you wish, you have the right to transfer your personal data between service providers and receive a copy of your data. In effect, this means that you are able to transfer the details we hold on you to another third party. To allow you to do so, we will provide you with your data in a commonly used machine-readable format so that you can transfer the data. Alternatively, we may directly transfer the data for you.
h) Rights in relation to automated decision making
You have the right to object to being subject to a decision based on solely automated processing where this decision adversely affects your legal rights. Where we use your personal data for automated decision making, we will ensure to give you specific information about that processing, and you will have the right to challenge and request a review of the decision.
i) Right to complain
You also have the right to complain to your data protection authority.
In the UK the data protection authority is the Information Commissioner's Office. You can contact them in the following ways:
• Phone: 0303 123 1113
• Email: firstname.lastname@example.org
• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
If the relevant data protection authority is in the EU, please contact the data protection authority in the relevant country.