Article 9. Methods of Processing Personal Data

Accordion: (Yes)

  1. Collection of Personal Data: DXG and/or the Personal Data Processing Party(ies) may collect the Personal Data of Data Subjects from various legitimate sources, including but not limited to:
    1. Directly provided to DXG by the Candidate during the interview process;
    2. Directly provided to DXG by the Employee when entering into a contract with DXG and during employment at DXG;
    3. From exchanges, communications, and interactions with the Data Subject;
    4. From audio and video recording devices connected to security systems located at business units/branches/transaction offices and at DXG;
    5. Provided by the Data Subject to third parties (organizations or individuals outside DXG and the Personal Data Processing Party but authorized to process Personal Data) and consenting to that third party providing the data to DXG. For the purposes of this regulation, third parties may include, but are not limited to, providers of services related to communications, recruitment, market research, marketing, fraud prevention, data collection, and/or other third parties involved in DXG's operations;
    6. From DXG's Personal Data Processing Parties (including business partners), Affiliated Banks, publicly available data sources or data sources of competent state authorities, and other sources;
    7. From any other sources and/or third parties not mentioned above that process personal data in accordance with Vietnamese law and have obtained the data subject's consent to provide it to other parties, including DXG.
    DXG will use all methods permitted by Vietnamese law to collect Personal Data from the sources mentioned above, including, but not limited to, landline telephone systems, telephone switchboards, mobile phones, email, laptops, CCTV cameras, and other electronic transaction systems.
  2. Processing of Personal Data Obtained from Recording Activities in Public Places:
    1. DXG may collect and process image data of individuals and information obtained from security systems (e.g., audio and video recordings from areas equipped with CCTV surveillance cameras, including but not limited to branches, business units, and headquarters, including transaction counters, corridors, entrances, and parking lots) for the purpose of protecting national security, public order and safety, and the legitimate rights and interests of organizations and individuals as prescribed by law, without requiring the consent of the Data Subject.
    2. At DXG, the security and CCTV systems operate 24/7 to ensure the safety and order of Data Subjects, prevent crime, protect facilities, and prevent fires. DXG commits to processing only the Personal Data of Data Subjects in accordance with the contents of this Policy and the provisions of the law.
  3. Processing of Children's Personal Data
    1. DXG processes children's personal data in accordance with the principle of protecting the rights and best interests of children. Before processing children's personal data, DXG will take appropriate measures to verify the child's age.
    2. DXG may receive personal data of children who are employees' children, relatives, dependents, etc., and process this personal data for the purposes specified in Article 4 of this Policy. DXG only processes children's personal data on the basis of an agreement with the employee for the purposes of processing. Employees are responsible for ensuring that children have been fully informed of the relevant Processing Purposes and have obtained the consent of the child in the case of children aged 7 years and older, and the consent of their parents or guardians as prescribed, except as stipulated in Article 17 of Decree 13/2023/ND-CP dated April 17, 2023, before providing such information to DXG.
  4. Transfer of Personal Data Abroad
    1. DXG may transfer or grant access to the Personal Data of Data Subjects to partners and service providers abroad for processing in accordance with the Processing Purposes agreed upon by the Data Subject. In some other cases, DXG's partners and service providers based in Vietnam may use equipment and data processing systems located outside the territory of Vietnam to process Personal Data on behalf of DXG. These cases are all considered as transferring the Data Subject's Personal Data abroad.
    2. It should be noted that some countries may have lower or higher levels or practices regarding the protection of Personal Data than Vietnam. In all cases involving the transfer of Personal Data abroad, DXG will endeavor to implement appropriate measures to ensure the protection of the Data Subject's Personal Data, including signing data security agreements and commitments, selecting appropriate Data Processing Partners with clearly defined tasks, and only working with partners who have appropriate safeguards in place.