This Privacy and personal data processing policy (“Policy”) is implemented by PLF Law Firm (“PLF”).

Article 1: Scope and subjects of application

This Policy regulates the activities and methods by which PLF handles the personal data of current clients, potential clients, suppliers, and other third parties (collectively referred to as “Client”) through PLF’s Electronic transaction channels. For clarity, this Policy applies solely to individuals and organizations in relationships where the law requires and permits the processing of personal data with the consent of the Clients or relevant parties.

This Policy forms an integral and inseparable part of contracts, service proposals, agreements, and other binding terms and conditions between PLF and the Client (if any). PLF encourages the Client to carefully review this Policy and stay informed of any updates that PLF may make pursuant to the terms of this policy.

Article 2: Definitions

2.1. “Personal data” refers to information in the form of symbols, text, numbers, images, sounds, or similar formats in an electronic environment associated with a specific individual or enabling the identification of a specific individual. Personal data includes basic personal data and sensitive personal data.

2.2. “Basic personal data” includes:

1. First name, middle name, and last name, alias (if any);
2. Date of birth, date of death or disappearance;
3. Gender;
4. Place of birth, place of birth registration, permanent residence, temporary residence, current residence, hometown, contact address;
5. Nationality;
6. Personal image;
7. Phone number, identity card number, personal identification number, passport number, driver’s license number, vehicle registration plate number, personal tax code, social insurance number, health insurance card number;
8. Marital status;
9. Information about family relationships (parents, children);
10. Information about an individual’s digital account; personal data reflecting activities or activity history in cyberspace;
11. Other information associated with or enabling the identification of a specific individual, not classified as sensitive personal data;
12. Additional data as stipulated by current legal regulations.

2.3. “Sensitive personal data” includes:

1. Political views or religious beliefs;
2. Health conditions and private life recorded in medical records, excluding information about blood type;
3. Information related to racial or ethnic origin;
4. Information about an individual’s inherited or acquired genetic characteristics;
5. Information about an individual’s physical or biological traits;
6. Information about an individual’s sexual life or sexual orientation;
7. Data on crimes or criminal behavior collected and stored by law enforcement agencies;
8. Client information held by credit institutions, foreign bank branches, intermediary payment service providers, and other authorized organizations, including Client identification information as per legal regulations, account information, deposit information, asset information, transaction information, and information about individuals or entities acting as guarantors;
9. Data on an individual’s location identified via location services;
10. Other personal data categorized as unique and requiring special protection under legal regulations.

2.4. “Data subject” refers to the individual to whom personal data pertains.

2.5. “Processing personal data” involves one or more activities that affect personal data, such as collecting, recording, analyzing, verifying, storing, modifying, publishing, combining, accessing, retrieving, recalling, encrypting, decrypting, copying, sharing, transmitting, providing, transferring, deleting, or destroying personal data, as well as other related actions.

2.6. “Third Party” refers to any organization or individual other than the Client and PLF that is authorized to process personal data.

2.7. “Personal Data Protection” refers to activities to prevent, detect, deter, and address violations related to personal data in accordance with legal regulations.

2.8. “PLF’s Electronic transaction channels” include online platforms such as the official website https://plf.vn, Zalo, Viber, WhatsApp, Facebook, LinkedIn, WeChat, email, or other electronic transaction channels currently used and designated by PLF personnel.

Article 3: Purposes of processing personal data

3.1. The Client fully understands and voluntarily consents to PLF processing their personal data for the following purposes:

1. Assisting the Client in accessing and using PLF’s services;
2. Providing services as required in contracts, service proposals, agreements, commitments between PLF and the Client;
3. Promptly responding to Client’s service requests;
4. Conducting Client care activities and implementing post-service policies;
5. Managing commitments and agreements with the Client and providing related marketing and promotional materials;
6. Operating, managing, maintaining, or improving service quality through measurement, analysis, or other activities aimed at enhancing the Client’s experience;
7. Preventing and combating fraud and other illegal activities, ensuring public security and workplace safety;
8. Establishing and enforcing rights in accordance with legal regulations or handling complaints;
9. Conducting inspections and investigating arising incidents;
10. Complying with applicable laws and professional standards;
11. Other purposes communicated to the Client at the time of data collection.

3.2. If PLF intends to use the Client’s Personal Data for purposes beyond those stated in Article 3.1 above, PLF will provide clear notification and will only proceed with the Client’s consent.

Article 4: Methods of personal data processing

Your personal data is collected through the following methods:

4.1. Directly from Clients through various means, including:

1. When Clients submit requests or fill out forms;
2. When Clients communicate, contact, or interact with PLF’s staff via phone, mail, face-to-face meetings, emails, social media interactions, or PLF’s Electronic transaction channels;
3. In the process of providing and performance of services by PLF;
4. When Clients seek support, request quotes, or make other requests with PLF.

4.2. From third parties authorized to process Clients’ personal data: Data is provided based on the third party’s privacy policy.

4.3. From competent authorities when PLF complies with its legal obligations.

4.4. PLF ensures that the collection of personal data from the Client and related parties complies with legal regulations in the following cases:

1. Collecting images and videos from surveillance systems (CCTV), recording devices for purposes specified in Article 3.1 of this Policy.
2. Respecting and protecting the personal data of children. Accordingly, PLF may require the consent of children, guardians, or legal representatives of children before collecting personal data of children.

Article 5: Personal data security

5.1. PLF is responsible for ensuring the security of the Client’s personal data in accordance with the Commitment to Non-Disclosure, the Confidentiality Agreement, or PLF’s Privacy Policy, ensuring that it does not infringe upon the Clients’ legitimate rights and interests within feasible capabilities. However, PLF may share Clients’ personal data with third parties for the purpose of conducting analysis, statistics, or other activities for the purposes stated in Clause 3.1 above. These third parties may be in Vietnam or any other location outside of Vietnam. When sharing or transferring Clients’ personal data abroad, PLF ensures that a copy of the Clients’ personal data is stored in Vietnam and will require the receiving party to ensure that the Clients’ personal data will be kept confidential and secure. Additionally, PLF will apply appropriate protective measures to ensure that the transfer complies with legal requirements at each point in time.

5.2. PLF will provide the Clients’ personal data when requested by competent authorities.

5.3. PLF advises that the transmission of data through Electronic transaction channels over the internet may not guarantee security and could be illegally intercepted, which PLF cannot prevent, and thus PLF will not be responsible for any related liabilities.

5.4. The Client is responsible for protecting and preventing unauthorized access to their accounts, personal information, and passwords used to access and interact through PLF’s Electronic transaction channels. The Client agrees not to disclose their password to any third party and is responsible for any use of their personal account, whether authorized by the Client or not. The Client must immediately notify PLF of any unauthorized use of their account.

Article 6: General requirements for the Client

6.1. By providing data on our Website, Clients voluntarily agree to receive emails from PLF, such as newsletters, special offers, notifications related to services, or other informational content that PLF deems relevant to the Client’s needs.

6.2. In cases where agreements, contracts, or service proposals exist between PLF and the Client, it is the Client’s responsibility to update personal data promptly whenever there are changes or adjustments. Additionally, PLF may request updates or additional personal data from the Client to fulfill service requirements.

6.3. All requests from the Client for copies of their personal data must be sent to the email address inquiry@plf.vn or through PLF’s approved Electronic transaction channels.

6.4. At all times, the Client must ensure that all personal data provided to PLF for the purposes outlined in Article 3 is lawfully owned by the Client as an individual and/or has been lawfully collected with prior consent from the data subject. This compliance must adhere to the terms of contracts, service proposals, agreements, commitments between PLF and the Client, and applicable personal data protection laws. Upon PLF’s request, the Client is responsible for providing a copy of the data subject’s consent.

Article 7: Rights of the personal data subjects

According to current legal regulations, Clients have the following rights regarding their personal data, including:

7.1. Right to request personal data provision:

1. Clients have the right to request in writing the personal data that PLF holds about them. The Client’s request is considered valid and accepted for processing when all necessary information is provided, and the correct form is used according to current legal regulations.
2. Clients also have the right to request PLF to provide their personal data to other organizations or individuals, or to provide data from other organizations or individuals to the Client, provided that the Client must provide valid authorization or other documents proving the consent of the data subject as required by law.
3. In cases where the Client’s request is valid under legal regulations and falls within the circumstances where PLF is permitted to provide data, PLF will notify the Client through appropriate communication methods regarding the time, location, form of personal data provision, and methods, and PLF will provide personal data in accordance with this notification and other procedures as prescribed by law.
4. PLF reserves the right to refuse to provide the Client’s personal data in accordance with legal regulations regarding the protection of personal information confidentiality, in cases where such laws require and/or permit the refusal to provide personal data.

7.2. Right to request data deletion:

1. PLF will cancel or delete the personal data of the Client when PLF receives a request from the Client in accordance with the current legal regulations.
2. If the contract, service proposal, agreement, or commitment between PLF and the Client is terminated or canceled, PLF may continue to process the Client’s personal data in accordance with this Policy and PLF’s obligations under the legal regulations on personal data protection and other relevant laws.
3. PLF reserves the right to refuse to delete or destroy data in cases where the Client’s request does not comply with the current legal regulations, or even if it does comply, it falls under circumstances where PLF is not permitted to delete or destroy according to current legal regulations.

7.3. Right to withdraw consent, restrict, and object to the processing of personal data:

1. The Client may withdraw consent for the processing of their personal data, request restrictions, and object to the processing of the Client’s personal data that PLF is processing by sending a request to PLF through PLF’s Electronic transaction channels. Accordingly, PLF will process these requests in accordance with the relevant legal regulations. However, the Client’s withdrawal of consent, request for restriction, or objection to the processing of their personal data may mean that PLF will not be able to continue providing products and services to the Client, and PLF may need to terminate the current relationship with the Client and/or terminate the contract, service proposal, agreement, or commitment that the Client has with PLF.
2. PLF reserves the right to refuse to accept the withdrawal of consent or the restriction of the Client’s data processing in cases where the Client’s request does not comply with current legal regulations.

In addition, the Client has other rights under the current legal regulations on personal data protection, such as: the right to be informed; the right to consent; the right to access; the right to request compensation for damages; the right to self-protection; and other related rights as prescribed by law.

Article 8: Obligations of the data subject

In the activity of protecting the personal data of the Client and of other individuals, the Client has the following obligations:

8.1. To provide complete and accurate personal data.

8.2. To self-protect their personal data; to request other relevant organizations and individuals to protect their personal data.

8.3. To respect and protect the personal data of others.

8.4. To comply with the legal regulations on personal data protection and to participate in preventing and combating violations of regulations on personal data protection.

8.5. To immediately notify PLF if they detect or suspect that their personal data has been leaked, which may lead to risks in the process of using the service, or any violations of personal data protection according to this Policy that the Client can identify.

8.6. To regularly check PLF’s Electronic transaction channel to update and comply with any changes (if any) related to this Policy.

8.7. Other obligations as prescribed by law.

Article 9: Data retention period

9.1. PLF processes the Client’s personal data from the time the Client or their authorized representative contacts us to request the use of our products or services.

9.2. PLF retains personal data and other Client data collected for as long as it is necessary to resolve any disputes, comply with legal obligations, or for purposes outlined in Article 3.1 of this Policy, provided such data remains useful based on PLF’s assessment.

Article 10: General provisions

10.1. This Policy takes effect on 01 January 2025. Clients understand and agree that the Policy may be amended or updated periodically, with changes notified to Clients via PLF’s Electronic transaction channels before implementation.

10.2. If the Clients continue to use the services after being notified of the content changes and updates to this Policy, it will be considered as the Client’s acceptance of these amendments and updates.