Privacy Notice for Vendors
Long Son
Petrochemicals Co.,Ltd respects the rights to privacy of our vendors,
contractor including individuals acting on behalf of our corporate vendor,
contractor. To ensure that your personal data is protected, we have created
this Privacy Notice to provide information on our processing of your personal
data, in electronic and other formats, in accordance with the Vietnam Personal
Data Protection Laws.
1.
Definitions
1.1. “We” means Long Son
Petrochemicals Co.,Ltd .
1.2. “You” means individual vendors, contractor, directors of our
corporate vendors, contractor, and operators and staff of vendors, contractor.
1.3. “Processing” means any acts impacting personal data, including
but not limited to collecting, recording, analyzing, confirming, storing,
editing, publicizing, disclosing, combining, accessing to, retrieving,
recovering, encrypting, decrypting, copying, sharing, transmitting, providing,
transferring, deleting, destroying personal data.
1.4. “Vietnam Personal Data Protection Laws” mean applicable
Vietnamese laws on personal data protection, including any amendments,
supplements or replacement from time to time.
2.
Purposes of the processing
2.1. We process your
personal data for the following purposes:
(1) to perform our contractual obligations with you or to take
steps at your request. before entering into a contract. This includes
procurement, inspection, payment for goods and services, relationship
management, and evaluation of work as specified in purchase orders, contracts,
or other procurement-related documents.
(2) to manage, develop,
and conduct our business operations, including website
and application administration, research (e.g., interviews,
questionnaires), fraud prevention and detection, crime prevention, and IT
system maintenance.
(3) to protect security
through measures such as personal data protection, access control, and identity
authentication when you log in to your user account.
(4) to enable us to send
news, promotions, and privileges to you via email, SMS, applications, social
media, telephone, and direct mail.
(5) to conduct marketing
activities and perform data analysis, such as market research, surveys, and
interviews.
(6) to ensure your security, which may involve implementing
security measures (e.g., controlling access to premises), preventing and
managing epidemics, and verifying and authenticating identities for website or
application access.
(7)
to establish, exercise, or defend legal claims, whether they
pertain to you or us.
(9)
to comply with our legal obligations under applicable laws.
(10)
to perform tasks in the public interest or in the exercise of
official authority vested in us.
Please note that the
above list is not exhaustive and may be subject to updates as necessary.
2.2. Where we process Your
personal data for purposes requiring consent, we will notify You of these
specific purposes at the time of obtaining Your consent. Further details
regarding your consent and its implications are provided in the subsequent
sections of this Privacy Notice.
3.
Personal data we collect
We
collect personal data directly from you and indirectly from other reliable
sources such as government agencies, companies in
the SCG Group, business partners, individuals who can legitimately disclose
your personal data, and trusted service providers. The details of the data
collection are as follows:
3.1. Data
from You: When you contact us or when you (or a corporate vendor,
contractor) supply products or services to us, we collect the following
personal data:
(1)
Contact Information: Email address, telephone number, office
address, social media account, instant messaging account. (e.g., information
available on your business card).
(2) Identity Verification
Information: ID cards, ID number, title, name, date of birth, mobile number,
email, photograph, and identification information.
(3) Work-Related
Information: Employment details, information related to managing your work
safety, hygiene, and environment, bank account (for payment), remuneration,
occupation, position, driving license, credentials, Information about past
clients you have served and their references, and other personal data you have
provided to us when contacting us or supplying products or services.
(4) Identification
Information: Citizen identification number, passport number, driver's license
number, social security number, taxpayer identification number, and other
government-issued identification numbers.
(5) Immigration and
residency Information: Stay permit, residence permit, work permit, visa, and
similar paperwork.
3.2.
Data from Premises Visits: When you visit our
premises, we collect, monitor, and process your images and video recorded by
CCTV in designated areas. We will display signage to notify you about the areas
where CCTV operates.
3.3.
Data from Contact and Participation: When you contact us
or participate in any activity with us, we collect the following personal data:
(1) Personal Information: Name, date of birth, photograph,
identification card number, passport number.
(2) Contact Information:
Telephone number, email, address, instant messaging account.
(3) Complaint
Information: Details regarding your complaints.
(4) Participation
Information: Information about your participation in our activities, including
the history of previous activities and photographs taken.
3.4. Other Data: Tax identification number, family card, and photographs taken during
your participation in our workshops or work with us.
3.5. Additional Data
Collection: If we need to
collect additional personal data, we will notify you and process the data in
compliance with Vietnam Personal Data Protection Laws.
3.6. Sensitive Personal
Data: Where necessary, we
will process your sensitive personal data in accordance with Vietnamese
Personal Data Protection Laws. We will ensure that we will try our best to
provide adequate security measures to protect your sensitive personal data. We
may need to collect and process sensitive personal data, including:
(1)
We may collect and
process your facial recognition or fingerprint data to verify your identity.
(2) We might have to collect general health data given by you (e.g. food
allergy, drug allergy, vaccination) to organize events, meetings, and
receptions; to accommodate you; and to comply with legal and regulatory requirements (e.g. criminal offence data).
(3) In some occasions, we
might receive your sensitive personal data although we have no intention
process the data. For example, we might receive data concerning your religious
beliefs when we collect copies of your identification cards, which we will take
appropriate measures to prevent collection and processing of such unnecessary
data or ask you to redact the data before sending it to us.
(4) Sensitive personal
data under our processing may also include financial information and location
data.
3.7. Third-Party Data
Disclosure: If you disclose
personal data of other person to us, you must be able to disclose such data and
comply with applicable laws, which includes informing the data subjects of this
Privacy Notice and other relevant documents before or when you disclose the
data to us.
4.
Cookies
4.1. We use cookies and
similar technology to collect personal data as specified in our Cookies
Notice.
5.
Consent, withdrawal, and consequences[CN1] [HT2]
5.1.
If we rely on your consent to process personal data, you are
entitled to withdraw your given consent at any time but such withdrawal will
not affect the validity of the processing made prior to the withdrawal.
5.2. Your withdrawal of consent or refusal to provide certain
information may result in us being unable to fulfill some or all of the
objectives stated in this Privacy Notice.
5.3.
You can withdraw your given consent by following instructions
available in the channels that obtain consent from you (e.g. changing settings
in your user accounts) or by submitting your request to
relevant channels in Section 10.
5.4.
If you are children (under 16 years of age), quasi-incompetent
person, or incapacitated persons and you wish to give consent to us; you must
obtain authorization from your legal representatives, guardians or custodians (depending on the specific context of each case) before giving
consent to us.
5.5.
If you give us consent on behalf of other persons, you must
have authority to legally give the consent on behalf of the data subjects at
the time when it is given to us.
6. Retention Period
6.1.
We will retain your personal data for the period necessary to
meet the objectives unless the law requires longer retention periods. In the
event that such period is unclear, we will retain the data for a customary
expected period in accordance with retention standards.
6.2. We have established an auditing system to delete or destroy
your personal data when the retention period expires or when it becomes
irrelevant or unnecessary for the purposes of collecting that personal data.
6.3.
If your personal data is processed based on consent, we will
stop the processing when you have withdrawn the consent. However, we may keep
your personal data to record your withdrawn so we can respond to your request
in the future.
7. Disclosure of Your
Personal Data
7.1.
We disclose and share your personal data with:
(1)
Companies within the SCG Group[CN3] [NP4] , including those outside Vietnam, as listed in the most
recent annual report available at https://scc.listedcompany.com/ar.html; and
(2) Individuals and
entities other than the companies in the SCG Group for the purpose of
collecting and processing personal data as described in this privacy notice
such as our dealers, transport and logistics service providers, postal service
providers, data processing service providers, marketing service providers (who
might send messages to you to promote our products and services), contractors
(who might perform tasks on our behalf), financial service providers (such as
banks, payment companies, electronic payment service providers, credit
providers), IT service providers (such as providers of cloud services,
blockchain systems, data analytics, SMS, or emails), IT developers,
programmers, auditors, consultants, advisors, government agencies (e.g. the tax
authorities), insurers, legal advisors, third
parties (in Vietnam or anywhere else) that are related to subpoenas, court
orders, or other legal processes or requirements under the laws or regulations
of Vietnam or laws and regulations of other jurisdictions that apply to us, our
affiliates, or financial institutions to manage risks and to help detect and
prevent illegal acts and fraud that may occur and other violations to our
policies and agreements, and other persons to the extent necessary to enable us
to conduct business, provide products and services, and meet the purposes for
the collection and processing of personal data as described in this Privacy Notice.
7.2. Recipients of your personal data in clause 7.1 might have
their own separate privacy notice, please read their respective privacy notice
to see details of how they process your personal.
7.3.
When we restructure our business, sell or transfer assets,
acquire businesses or are acquired by other businesses, or merge with other
businesses; we might have to disclose your personal data to our counterparties
and their advisors. However, we will use our best effort to safeguard your data
and require our relevant counterparties and their advisors to comply with
applicable personal data protection laws and this Privacy Notice.
7.4. We will require persons receiving your personal data to take
appropriate measures to protect your personal data, process the data properly
and only as necessary, and prevent unauthorized use or disclosure of your
personal data.
8.
International transfer of your personal data[CN5] [NP6]
8.1. We may send or transfer your personal data to companies in SCG Group [CN7] [NP8] or other persons
located outside Vietnam if it is necessary in order for us to perform the
purposes of processing as set out under Section 2 of this Privacy Notice.
8.2.
We may store your personal data on computer servers or clouds
located outside Vietnam and use software or applications of service providers
located outside Vietnam to process your personal data. However, we will not
allow unrelated parties to access to your personal data and will require the
service providers to have appropriate security measures to protect your data.
8.3. In the event that your personal data is transferred to a
foreign country, we will comply with applicable personal data protection laws
and take appropriate measures to ensure that your personal data is protected
and you can exercise your rights in accordance with the laws. Moreover, we will
require those who receive the data to have appropriate protection measures for
your personal data, to process such personal data only as necessary, and to
take steps to prevent unauthorized use or disclosure of your personal data.
9.
Security Measures
9.1. We have implemented appropriate technical and administrative
standards to protect your personal data from loss, misuse, and unauthorized
access use, disclose, or destruction. We use technology and security procedures
such as encryption and access restriction to ensure that only authorized people
shall have access to your personal data, and that they are trained about the
importance of protecting personal data.
9.2. We provide appropriate security measures including
administrative, technical, and physical safeguards (such as access control and
user access management) to prevent unlawful loss, access, use, change,
disclosure of personal data from those who do not have rights or duties related
to that personal data. We will review the above-mentioned measures when
necessary or when the technology changes to ensure effective security.
9.3.
If we process your sensitive personal data, we will use our
best endeavor to impose appropriate security measures to protect the data.
10.
Your rights and obligations as data subjects
10.1.
Your rights under the Vietnam Personal Data Protection Laws
can be summarized as follows:
(1)
Right to be aware of the processing of your personal data;
(2)
Right to give and withdraw consent you given to us;
(3)
Right to request to view and correct your personal data;
(4)
Right to oppose our use or disclosure of personal data about
you for marketing and advertising purposes;
(5)
Right to request us to delete or destroy or make your personal
data non-personally identifiable (anonymous) information;
(6)
Right to request us to restrict the processing of your
personal data;
(7)
Right to request us to provide your personal data; and
(8)
Right to file complaints, denunciation, or lawsuit to the
authority, to claim damages, and to exercise self-defense mechanisms in the
event that we, our data processors, our employees, or our contractors violate
or do not comply with personal data protection laws.
10.2.We will consider your request, notify the result of the
consideration, and execute it (if appropriate) within a reasonable timeframe
from the date we receive the request. Your rights mentioned above will be in
accordance with the Vietnam Personal Data Protection Laws.
10.3. You may exercise your
rights under the law by submitting your request to compliance@lsp.com, or via our website
and/or announced application.
10.4. Besides rights, you as the data subject bear certain
obligations pursuant to Vietnam Personal Data Protection Laws, including but
not limited to the obligation to provide complete and accurate personal data when
consenting to the processing of personal data.
11.
Information about data controller and Data Protection
Officer
11.1.
Data Controllers: The data controller of this Privacy Notice
is Long Son Petrochemicals Co.,Ltd
11.2.
Business Address: The business address of the data controller
is Hamlet 2, Long Son commune, Ho Chi Minh City.
11.3. Contact Information:
You can contact the data controller or inquire about this Privacy Notice by
emailing compliance@lsp.com.
In the event that this Privacy Notice is amended, we will announce a new privacy notice on this website or other channels of notification, which you should periodically review the privacy notice. The new privacy notice will be effective immediately on the date of announcement.