menu menu
logo
menu
  • Tiếng ViệtTiếng Việt
  • EnglishEnglish
    • CONTACT SALES

    Personal data protection policy

    PERSONAL DATA PROTECTION POLICY

    Last updated: February 2, 2026

    FPT International Telecom Company Limited (“FTI”) is a company duly established under the laws of Vietnam, with its head office at Lot L.29B-31B-33B Tan Thuan Street, Tan Thuan Export Processing Zone, Tan Thuan Ward, Ho Chi Minh City, Vietnam.

    To ensure compliance with applicable laws on personal data protection, FTI issues this Personal Data Protection Policy to transparently describe how FTI processes and protects the personal data of all customers.

    ARTICLE 1. DEFINITIONS

    1.1. “FTI” means FPT International Telecom Company Limited.

    1.2. “Policy” means this Personal Data Protection Policy.

    1.3. “Personal Data” means digital data or other information that identifies or helps identify a specific individual, including basic personal data and sensitive personal data as prescribed by applicable personal data protection laws. Anonymized data is no longer considered personal data.

    1.4. “Basic Personal Data” includes:

    • Full name (including middle name), birth name and other names (if any);
    • Date of birth;
    • Gender;
    • Place of birth, permanent residence, temporary residence, current residence, hometown, contact address;
    • Nationality;
    • Personal images;
    • Phone number, personal identification number, passport number, driver’s license number, vehicle registration number;
    • Marital status;
    • Information about family relationships (parents, spouse, children);
    • Other information associated with or helping to identify a specific individual not falling under Clause 1.5.

    1.5. “Sensitive Personal Data” means personal data associated with an individual’s privacy which, if infringed, may directly affect their lawful rights and interests, including:

    • Political opinions, religious beliefs;
    • Private life and family secrets;
    • Health status;
    • Racial or ethnic origin;
    • Biometric and genetic data;
    • Sexual life or sexual orientation;
    • Criminal records collected and stored by law enforcement authorities;
    • Login credentials for electronic identity accounts; images of identity cards/citizen ID cards;
    • Bank account login credentials; bank card information; transaction history; financial, credit, securities, insurance data;
    • Location data identified through positioning services;
    • Behavioral tracking data relating to telecommunications, social networks, online communication services and other online activities;
    • Other specific personal data requiring enhanced protection as prescribed by law.

    1.6. “Data Subject” means the individual to whom the personal data relates.

    1.7. “Personal Data Protection” means measures taken by organizations or individuals to prevent and combat violations of personal data.

    1.8. “Processing of Personal Data” means one or more activities affecting personal data, such as collection, analysis, aggregation, encryption, decryption, modification, deletion, destruction, anonymization, disclosure, transfer, or other related activities.

    1.9. “Personal Data Controller” means the entity that determines the purposes and means of processing personal data.

    1.10. “Personal Data Processor” means the entity that processes personal data on behalf of the Controller under a contract or instruction.

    1.11. “Personal Data Controller and Processor” means the entity that determines purposes and means and directly processes personal data.

    1.12. “Provider” means the party providing personal data of the Data Subject to the other party in preparation for, during, or in connection with a transaction. The Provider may be the Data Subject, Controller, Processor, or Controller and Processor.

    1.13. “Transaction Channels” means contractual documents, websites, applications, or other lawful communication channels provided by FTI from time to time.

    FPT International Telecom Company Limited is a company duly incorporated under Vietnamese law, headquartered at Lot L.29B-31B-33B Tan Thuan Street, Tan Thuan Export Processing Zone, Tan Thuan Dong Ward, District 7, Ho Chi Minh City, Vietnam (hereinafter referred to as “FTI”).

    ARTICLE 2. SOURCES AND TYPES OF PERSONAL DATA COLLECTED, CONTROLLED, AND PROCESSED

    2.1. Sources of Personal Data

    During the provision and use of products and services, each Party may collect, receive, control and/or process Personal Data of the other Party and/or relevant third parties, depending on each Party’s role in each personal data processing activity, from the following sources:

    a) Directly from the Providing Party through the conclusion and performance of the Contract; registration and use of products and services; transactions and exchanges of information between the Parties; or through service provision and/or service usage systems, websites, mobile applications, or other lawful channels;

    b) From data generated during the provision and use of products and services, including data created, recorded, stored, or transmitted on systems, platforms, and technical infrastructure provided, managed, or operated by either Part;

    c) From third parties, including affiliated entities, partners, service providers, or other relevant parties, where the data subject has given consent or where permitted by law;

    d) From competent state authorities or governmental organizations in accordance with applicable laws.

    2.2 Types of Personal Data Collected, Controlled and Processed

    During the provision of products and services to customers, FTI and the Customer may carry out one or more personal data processing activities and/or participate in the processing of personal data in relation to the following categories of Personal Data:

    a) Full name, including surname, middle name and given name at birth, and other name(s) (if any);

    b) Date of birth;

    c) Gender;

    d) Place of permanent residence, temporary residence, current address, place of origin, contact address, and email address;

    e) Nationality;

    f) Images of the individual, including images provided upon service registration and images uploaded by the Providing Party on FTI’s application/website during the use of services;

    g) Telephone number and personal identification number;

    h) Bank card and/or bank account information;

    i) Call information, messages, and call recording data generated during the Providing Party’s use of FTI’s voice, messaging, and call center services;

    j) Image, audio, and video data generated during the Providing Party’s use of FTI’s camera services with data storage features;

    k) Data uploaded, stored, or generated by the Providing Party on cloud computing systems and service platforms provided by the Data Controller and/or Data Processor;

    l) Information relating to an individual’s digital account(s); personal data reflecting activities and activity history in cyberspace;

    m) Telecommunications consumption behavior data, including call, SMS, data, and VAS;

    n) Data provided by the Providing Party to FTI upon service registration, as well as data generated during the Customer’s use of FTI’s services and/or third-party services through FTI. Full name, including surname, middle name and given name at birth, and other name(s) (if any);

    ARTICLE 3. PERSONAL DATA PROTECTION COMMITMENTS

    3.1. This Policy sets out the purposes, scope, and methods by which FTI and/or the Providing Party process Personal Data and/or participate in the processing of Personal Data during the preparation and implementation of the provision of FTI’s products and services, or during the Providing Party’s interaction with FTI.

    3.2. The Parties undertake to comply with the following principles:

    a. The Personal Data of the Providing Party shall be collected, processed, and stored lawfully, appropriately, and within the scope and purposes specified in this Policy, in compliance with applicable laws;

    b. Personal Data shall be ensured to be accurate based on the information provided by the Providing Party; FTI shall have no obligation to verify the authenticity of such Personal Data. Any inaccurate data or data no longer relevant to the processing purposes shall be promptly amended or erased in accordance with applicable laws;

    c. To proactively prevent, detect, stop, and strictly and promptly handle any violations of laws on personal data protection.

    3.3. Each Party shall be responsible for ensuring that its respective partners (including service providers, other suppliers, customers, etc.) also comply with personal data protection regulations in accordance with applicable laws.

    3.4. The Parties undertake to comply with other principles as prescribed by law on personal data protection, particularly regulations relating to data subject rights and obligations concerning cross-border data transfer.

    ARTICLE 4. PURPOSES OF PERSONAL DATA CONTROL AND PROCESSING

    4.1. The Providing Party hereby consents to FTI carrying out and/or participating in the processing of Personal Data for the following purposes:

    a. To support the Providing Party and update the Providing Party’s information when purchasing and using products and services provided by FTI and/or services provided by third parties through FTI;

    b. To provide third-party products and services to the Providing Party (including but not limited to registration and management of Accounts/Resources/Brandnames/Hotlines using the Services; service registration and warranty support; forwarding information to Service Providers, etc.). For clarification, such third parties may act as a Personal Data Processor or a Personal Data Controller and Processor;

    c. To conduct product introduction and promotion activities, market research, public opinion surveys, and brokerage activities;

    d. To research and develop new services and provide appropriate products and services to the Providing Party;

    e. To conduct marketing services and product promotion and advertising activities;

    f. To measure and analyze internal data, conduct evaluations, and perform other processing activities to improve and enhance the quality of services provided by FTI to the Providing Party;

    g. To investigate and resolve inquiries and complaints from the Providing Party;

    h. To adjust, update, secure, and improve products, services, and equipment provided by FTI;

    i. To verify identity and ensure the security of the Providing Party’s information;

    j. To notify the Providing Party of changes to policies, promotions, and products and services provided by FTI;

    k. To prevent and combat fraud, identity theft, and other unlawful activities;

    l. To comply with applicable laws, relevant industry standards, and other prevailing internal policies of FTI;

    m. To maintain records and comply with legal and tax obligations in the course of providing products and services. FTI shall retain such Personal Data for a certain period or as required by applicable law;

    n. For any other purposes serving FTI’s operational activities and any other purposes notified by FTI to the Providing Party at the time of collecting the Personal Data or prior to commencing the relevant processing, or as otherwise required or permitted by applicable laws.

    o. For other cases serving the performance of transactions, contracts, and agreements between FTI and the Providing Party.

    4.2. Where it is necessary to process the Providing Party’s Personal Data for purposes other than those specified above or at the request of the Providing Party, the Personal Data Processor and/or the Personal Data Controller and Processor shall notify the Providing Party via FTI’s communication channels to obtain the Providing Party’s consent prior to such processing.

    4.3. The Parties acknowledge that they have been informed and clearly understand that the processing of Personal Data may simultaneously serve multiple purposes. Any purpose not specifically listed (if any) but falling within the scope contemplated under this Article shall be deemed lawful and satisfying the consent requirements in accordance with applicable laws.

    ARTICLE 5. DATA RETENTION AND PROCESSING PERIOD

    Each Party shall store and process the Personal Data provided by the Providing Party on the systems under its management, to the extent necessary for the provision and use of products and services and the performance of the contract, until the purposes of control and processing of Personal Data have been fulfilled or for the period required to comply with obligations under applicable laws and to resolve any arising disputes (if any), unless the Data Subject submits a written request to withdraw consent or to restrict the processing of Personal Data.

    ARTICLE 6. ORGANIZATIONS INVOLVED IN PERSONAL DATA PROCESSING

    6.1. Recipients of Personal Data

    The Providing Party agrees that, to the extent necessary for the purposes of personal data processing specified in Article 4 of this Policy and in compliance with applicable laws, FTI may transfer, disclose, and/or share the results of processing the Providing Party’s Personal Data with the following organizations and individuals:

    a. FPT Corporation and its affiliated companies; telecommunications enterprises, network operators, contractors, agents, business partners, and suppliers of services and goods of FTI, where such organizations and individuals participate in the processing of Personal Data under FTI’s instructions or agreements with FTI.

    b. FTI’s branches, business units, agents, and officers and employees, within the scope of their assigned functions and duties and consistent with the established purposes of personal data processing.

    c. Other relevant organizations and individuals, including but not limited to auditors, inspectors, lawyers, arbitrators, courts, and competent state authorities, where the transfer or disclosure of Personal Data is made at the request of competent authorities or in accordance with applicable laws.

    FTI shall ensure that any transfer of Personal Data is carried out with appropriate safeguards to ensure the security and confidentiality of Personal Data in accordance with applicable laws.

    6.2. Cross-Border Transfer of Personal Data

    FTI may transfer the Providing Party’s Personal Data overseas for processing and storage in order to serve the purposes specified in Article 4 of this Policy. Any cross-border transfer of Personal Data shall comply with the applicable laws of Vietnam.

    ARTICLE 7. PROCESSING OF PERSONAL DATA IN CERTAIN SPECIAL CASES

    ARTICLE 7. PROCESSING OF PERSONAL DATA IN CERTAIN SPECIAL CASES

    Each Party shall ensure that the processing of the Providing Party’s Personal Data fully complies with applicable legal requirements in the following special cases:

    7.1. CCTV footage may, in specific cases, also be used for the following purposes::

    a. Quality assurance purposes;

    b. Public security and occupational safety purposes;

    c. Detecting and preventing suspicious, inappropriate, or unauthorized use of FTI’s utilities, products, services, and/or facilities;

    d. Detecting and preventing criminal acts; and/or

    e. Conducting investigations and verifying incidents.

    7.2. Each Party shall always respect and protect children’s Personal Data. In addition to personal data protection measures prescribed by law, prior to processing children’s Personal Data, the relevant Party shall verify the child’s age and obtain consent from:

    a. The child and/or

    b. The child’s parent(s) or legal guardian in accordance with applicable laws.

    7.3. In addition to compliance with other relevant legal provisions, with respect to the processing of Personal Data relating to a person declared missing or deceased, each Party must obtain consent from one of the relevant persons in accordance with applicable laws.

    ARTICLE 8. RIGHTS AND OBLIGATIONS OF THE DATA SUBJECT

    8.1. Rights of the Data Subject

    a. Right to Be Informed and Right to Consent

    Through this Policy, the Providing Party is informed of the personal data processing activities carried out by the Personal Data Controller, Personal Data Processor, and/or Personal Data Controller and Processor in relation to its Personal Data.

    By accessing the website and agreeing to enter into contracts and use products and services on this website, the Providing Party expresses its consent to allow the Controller and/or Processor to process its Personal Data.

    b. Right to Rectification

    The Providing Party has the right to access, amend, and request the Personal Data Controller, Personal Data Processor, and/or Personal Data Controller and Processor to correct its Personal Data.

    c. Right to Erasur

    The Providing Party has the right to request the deletion of its Personal Data stored by the Personal Data Controller, Personal Data Processor, and/or Personal Data Controller and Processor in cases prescribed by applicable laws, such as where the Personal Data is no longer necessary for the original purposes of collection and processing or where the Personal Data has been unlawfully processed.

    d. Right to Restrict Processing

    The Providing Party has the right to request the Personal Data Controller, Personal Data Processor, and/or Personal Data Controller and Processor to restrict, limit, or object to one or more processing activities relating to its Personal Data, subject to conditions prescribed by applicable laws.

    e. Right to Withdraw Consent

    Where the processing of Personal Data is based on the Providing Party’s prior consent, the Providing Party has the right to withdraw such consent at any time by submitting a written request to the Personal Data Controller, Personal Data Processor, and/or Personal Data Controller and Processor, unless otherwise provided by law.

    Withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal

    In the event of withdrawal of consent, the Controller and/or Processor may be unable to provide the Providing Party with full or quality services if the withdrawn information directly affects service provision or service quality.

    f. Right to Lodge Complaints, Denunciations, or Initiate Legal Proceedings in accordance with applicable laws.

    g. Right to Claim Compensation for actual damages in accordance with applicable laws where the Personal Data Controller, Personal Data Processor, and/or Personal Data Controller and Processor violates personal data protection regulations, unless otherwise agreed by the Parties or provided by law.

    h. Method of Exercising Rights: By written request submitted to the Controller and/or Processor.

    8.2. Obligations of the Providing Party

    a. Where the Providing Party is an organization and provides Personal Data of related individuals or individuals under its management to the Controller and/or Processor, the Providing Party shall ensure that it has obtained the consent of such individuals and shall provide complete and accurate Personal Data in accordance with the contract or consent given for processing.

    b. To comply with applicable laws and FTI’s regulations and guidelines relating to the processing of Personal Data.

    c. To take responsibility for the Personal Data and consent created or provided by it in cyberspace; and to bear responsibility in the event of Personal Data leakage or infringement due to its own fault.

    d. To regularly update itself on FTI’s Personal Data Protection Regulations and Policies as notified or published on FTI’s communication channels and to take actions as instructed by FTI to clearly express consent or refusal for personal data processing purposes notified from time to time.

    ARTICLE 9. POTENTIAL RISKS AND UNINTENDED DAMAGES

    9.1. FTI uses various information security technologies to protect Personal Data from unintended access, use, or disclosure. However, no data can be guaranteed to be 100% secure. Therefore, FTI commits to using its best efforts to safeguard Personal Data.

    Potential risks and unintended damages may include, but are not limited to:

    a. Hardware or software errors during data processing resulting in loss of the Providing Party’s data;

    b. Security vulnerabilities beyond FTI’s control or third-party attacks on systems leading to data breaches;

    c. The Providing Party disclosing Personal Data due to negligence or fraud, or accessing malicious websites/applications.

    9.2. FTI recommends that the Providing Party protect its login credentials and OTP codes and not share such information with any third party.

    9.3. The Providing Party should safeguard its electronic devices during use and log out of or exit accounts on FTI’s website or application when no longer in us.

    9.4. In the event that a data storage server is attacked by a third party resulting in loss of Personal Data, FTI shall notify the competent authorities for timely investigation and handling and inform the Providing Party accordingly.

    ARTICLE 10: GENERAL TERMS

    10.1. This Policy may be updated, amended, or supplemented from time to time in accordance with applicable laws without prior notice or consent, except where changes require the Providing Party’s consent under applicable laws. Continued use of products and services after notification of amendments shall constitute acceptance of such amendments.

    10.2. The provision of Personal Data, registration, continued use of FTI’s products and services, and/or confirmation of consent in legally recognized forms shall be deemed as the customer’s consent to FTI processing Personal Data for the purposes set out in this Policy. FTI is not required to take additional measures to notify the Providing Party of such processing unless explicitly required by law. The customer may modify or withdraw consent in accordance with applicable laws.

    10.3. This Policy shall be governed by and construed in accordance with the laws of Vietnam.

    10.4. This Policy constitutes the entire agreement between the Parties regarding the matters herein and supersedes all prior understandings or policies, whether written or oral.

    10.5. For the purpose of ensuring compliance with personal data protection laws, this Policy shall also apply to contracts, agreements, and documents executed before, during, and after its effective date.

    10.6. If any provision of this Policy is declared invalid by a competent court, such provision shall automatically be void without affecting the validity and enforceability of the remaining provisions.

    10.7 This Policy is publicly published on FTI’s website. The Parties acknowledge that they have read, understood, and agreed to all terms herein. By signing any contract, agreement, or document referencing this Policy, the Providing Party confirms its consent or that it has obtained full consent from the Data Subjects for the provision, control, and processing of Personal Data throughout the transaction and contract performance period. This Policy forms an integral and inseparable part of any contract, agreement, or document that references it.