PERSONAL DATA PROTECTION AND PRIVACY POLICY

In today’s digitally connected world, your privacy and personal data are more important than ever and must be protected. When you access ASART’s website, we want to ensure that your privacy and personal data are safeguarded to the highest standard.

A. We value your privacy and personal data. If you are merely browsing our website, we will not collect any of your personal information. We also have no agreements or commitments that allow any third parties to do so.

B. In case you wish to interact with us, schedule an appointment, and/or subscribe to our newsletters, in order to fulfill those requests and provide you with the best experience, we will need to collect some of your personal data.

1. In such case, pursuant to Decree No. 13/2023/NĐ-CP on Personal Data Protection, effective from July 1, 2023 (“Personal Data Protection Decree”), we must obtain your consent and confirmation that you have read, understood, and agreed to the way we collect, store, process, protect, use, and share your personal data (our “Personal Data Protection and Privacy Policy”).

2. Why does ASART need to collect your personal data?

We need your consent to collect, store, process, protect, use, and share your personal data in order to, depending on the case, provide services, fulfill your requests on this website, and/or for the following purposes (“Permitted Purposes”):

2.1. To contact you after you leave your personal data on our website via “Leave a Message,” “Book A Meeting With Us,” “Register Now,” “Call Us,” or “Email Us” sections;

2.2. To send you information about coverage, press releases, reports, newsletters, views & analyses, and market updates that you have subscribed to;

2.3. To invite you to conferences and events that we organize, co-organize, and/or attend, in which you have expressed interest;

2.4. To recruit, including contacting you, arranging interviews, and verifying your education and work experience for the positions you have applied for;

2.5. To ensure the collection of your personal data complies with other ASART policies and applicable legal regulations;

2.6. To assert, determine, and exercise our rights, or to protect ourselves against damage to our rights and interests in connection with your personal data;

2.7. To store necessary files, documents, and records for compliance, reporting, and fulfilling obligations required by competent authorities;

2.8. To evaluate our business operations and ensure continued service provision, fulfill your requests on this site, and/or fulfill the Permitted Purposes, even in the event of business changes, mergers, acquisitions, and/or divestitures; and

2.9. Other activities and purposes related to the above-mentioned activities and purposes.

3. What personal data does ASART collect from you?

3.1. To fulfill the Permitted Purposes, we may collect basic personal data and related information (“Collected Personal Data”) including:
a) Full name;
b) Date of birth;
c) Title;
d) Company;
e) Position;
f) Company address or contact address;
g) Company revenue scale (if any);
h) Company personnel size (if any);
i) Your request or purpose;
j) Phone number;
k) Email; and
l) Other information voluntarily provided by you while using this website.

4. When does ASART collect your Collected Personal Data?

Collected Personal Data is collected when you:

4.1. Proactively contact us via phone numbers, company addresses, email addresses, or other communication channels shown on the website to discuss our services, your needs, and/or related information;

4.2. Register to receive our publications, reports, research, market information, and insights;

4.3. Register for or are invited by us to attend conferences and events organized, co-organized, and/or attended by us;

4.4. Apply and/or contact us to apply for jobs;

4.5. Provide products and/or services to us;

4.6. Report a problem or submit a complaint to us; and

4.7. Contact, register for, and/or carry out activities and purposes related to the above-mentioned items.

IMPORTANT NOTE: If you provide us with another person’s personal data, you must be authorized to do so under the law, must explain and ensure that the person has read, understood, and agreed to our Personal Data Protection and Privacy Policy and has consented to you providing their personal data.

5. How does ASART protect Collected Personal Data?

To protect your privacy and personal data, we take the following measures:

5.1. Designing and implementing policies, rules, standards, and technical measures to protect your privacy and ensure the Collected Personal Data is used only for Permitted Purposes, in compliance with laws and ASART regulations;

5.2. Requiring those who are authorized to access the Collected Personal Data to comply with legal and ASART rules and standards on privacy and personal data protection;

5.3. Requiring our product and/or service suppliers or any third parties with whom we collaborate and to whom we disclose data for Permitted Purposes to implement similar privacy and data protection measures when collecting, storing, processing, protecting, using, and sharing Collected Personal Data.

6. With whom may ASART share Collected Personal Data?

6.1. We may share the Collected Personal Data to serve the Permitted Purposes stated in this Personal Data Protection and Privacy Policy, including sharing data with our service suppliers and business partners, with other third parties, as well as in accordance with legal regulations or at the request of competent authorities. The specific recipients of such shared data will depend on your relationship with us and the Permitted Purposes.

6.2. However, to the extent possible, we always aim to minimize and limit the scope, method, recipients of the Collected Personal Data that we share. At the same time, we will take steps to ensure that the Collected Personal Data is kept secure and protected during the data sharing process. We may share Collected Personal Data for data processing purposes with the following parties, depending on the circumstances and as permitted by law and ASART regulations:

a) ASART, its subsidiaries, and affiliates (if any);

b) Shareholders, directors, officers, employees, and people with similar nature of ASART, its subsidiaries, and affiliates (if any);

c) Authorized third parties whom you have authorized us to share the Collected Personal Data with, through your consent;

d) Our service suppliers, including but not limited to professional, product, and service suppliers including any individuals or entities involve in or collaborate to analyze and contribute to the improvement or enhancement of the quality of our business operations or service delivery such as accountants, auditors, lawyers, legal advisors, bankers, IT consultants, operations consultants, human resources consultants, financial advisors, software developers, system engineers, administrators, data processing officers, marketing agencies, website designers, customer management consultants, and market research services; and

e) Government and law enforcement agencies: as required by law or requested by any competent authority, including any government, government equivalent, administrative, regulatory, supervisory authority, court, arbitration panel, law enforcement agency, or tax authority, whether domestic or international, that has jurisdiction over us.

7. How long does ASART retain Collected Personal Data?

7.1. The Collected Personal Data will only be retained for a period appropriate to the Permitted Purposes, unless otherwise required by law.

7.2. The Collected Personal Data will be stored from the time we obtain your consent until you withdraw your consent and/or when storage is no longer required in accordance with applicable laws and ASART regulations.

7.3. Unless otherwise required by laws and regulations, we will delete, destroy, and/or stop using the Collected Personal Data once it is no longer needed.

8. What rights do you have over Collected Personal Data?

You have the following rights under the law and ASART’s regulations regarding how we collect, store, process, protect, use, and share your Collected Personal Data, including the following rights:

8.1. Right to be informed
8.2. Right to consent
8.3. Right to access
8.4. Right to withdraw consent
8.5. Right to erase data
8.6. Right to restrict data processing
8.7. Right to provide data
8.8. Right to object to data processing
8.9. Right to complain, denounce, and initiate lawsuits
8.10. Right to claim damages
8.11. Right to self-protection
8.12. Other lawful rights.

We will respond to requests to exercise rights related to Collected Personal Data in accordance with applicable laws. If you have any questions regarding your rights, please contact us using the contact information provided in Section E of this Personal Data Protection and Privacy Policy.

9. What are your obligations regarding Collected Personal Data?

While we are obliged to protect your Collected Personal Data, you also have obligations relating to the Collected Personal Data, including the following:

9.1. Protecting the Collected Personal Data and request us or other relevant organizations or individuals to protect the Collected Personal Data;

9.2. Respecting and protecting your own and others’ personal data;

9.3. Providing complete and accurate personal data when you have consented to our collection, storage, processing, protection, usage, and sharing of the Collected Personal Data;

9.4. Promoting awareness and sharing skills related to personal data protection;

9.5. Complying with applicable laws and regulations on personal data protection, and participate in the prevention of violations of such laws and regulations; and

9.6. Fulfilling any other obligations under the applicable laws and regulations.

10. What are your risks?

10.1. The transmission of information over the Internet is not completely secure. Although we do our best to secure transmission and storage of Collected Personal Data, we cannot guarantee that our security measures will prevent unauthorized access by third parties such as hackers and/or cybercriminals.

10.2. If Collected Personal Data is targeted by unauthorized access and/or cybercrime attacks, we will take necessary steps to minimize the risk to you and notify you as soon as possible. In such cases, you irrevocably agree to hold us harmless against any claims or compensation related to such unauthorized access and/or cybercrime.

C. Effectiveness

This Personal Data Protection and Privacy Policy is effective from July 1, 2023.

D. Right to Amend

We may amend this Personal Data Protection and Privacy Policy at any time without prior notice. Please check regularly for updates on how we handle Collected Personal Data. If you have any questions related to Collected Personal Data, please contact us via the details in Section E of this Personal Data Protection and Privacy Policy.

E. How can you contact ASART regarding Collected Personal Data?

For any matters related to Collected Personal Data, please contact:

• Operations Department – Data Security Team
• ASART Deal Advisory Co., Ltd.
• Address: 44th Floor, Bitexco Financial Tower, 2 Hai Trieu Street, Ben Nghe Ward, District 1, Ho Chi Minh City, Vietnam
• Phone: +84 28 3821 6166 – Ext: 404

We will contact you as soon as possible but no later than two (2) working days after receiving a complete and valid request. We will also make every effort to fulfill your request within thirty (30) working days from the date of receipt of a valid request and any related processing fees (if any).