About Help All Service Strength News Contact Us

PERSONAL DATA PROCESSING AGREEMENT

HELP ALL 247 JSC
Address: 85 Tan Cang Street, Ward 25, Binh Thanh District, Ho Chi Minh City, Vietnam
Contact: (+84) 088 864 22 99
Email: info@helpall247.com

(Pursuant to Decree No.13/2023/ND-CP effected from July 1st, 2023 of the Government on Protection of Personal Data)

The Personal Data Protection Agreement is made by and between HELP ALL and its Agents/Customers/Partners/Suppliers/Individuals affiliated with or associating with HELP ALL 247 JSC. (hereinafter referred to as “Provider”).

HELP ALL voluntarily agrees to comply with the Regulations on Protection of Personal Data with the following terms:

Article 1: Definitions

“Contract” refers to any Contract/Agreement/Transaction/Association between the Provider and HELP ALL and/or including related minutes, agreements, and appendices. These may consist of contracts/agreements/transactions/associations for the sale of goods, service provision, labor contracts, and other agreements.

“Personal Data” refers to any information that HELP ALL collects from the Provider about a Data subject. This may be the personal data of the Provider or personal data of other data subjects legally collected and permitted for transfer to HELP ALL for performing tasks stated in the Contracts/agreements/transactions/associations between HELP ALL and the Provider.

“Data Protection Regulation” refers to all laws and regulations on personal data protection or individuals’ privacy rights applicable to personal data processing activities in Vietnam, including but not limited to the 2004 National Security Law, the 2018 Cybersecurity Law, Decree No. 13/2023/ND-CP on Personal Data Protection, and any amendments, supplements, or replacements of these documents.

“HELP ALL Network” means HELP ALL’s data centers, cloud computing systems, servers, networking devices, storage software systems, and any other systems (if any) used to perform the scope of work according to the Contracts/agreements/transactions/associations between HELP ALL and the Provider.

The terms “personal data,” “data subject,” “personal data processing,” “controller,” and “controller-cum-processor” used in this Agreement have the meanings as defined in Decree No. 13/2023/ND-CP on Personal Data Protection.

Article 2: Contents of Protection of Personal Data

a. The parties acknowledge and agree to the following contents:

  • 1. HELP ALL is the processor of Personal Data under the Data Protection Regulation.
  • 2. The Provider is the data subject, controller, or controller-cum-processor of Personal Data under the Data Protection Regulation.
  • 3. Each party shall comply its obligations under the applicable Data Protection Regulation regarding the processing of Personal Data.

b. Purpose of Data Collection and Processing:

  • 1. HELP ALL shall collect, store, and process Personal Data as necessary to fulfill obligations under the contract/agreement/transaction/association with the Provider and other related tasks. The Provider agrees to allow HELP ALL to process their data and share the results of this processing for the following purposes:
    • Sending notifications about information exchange activities between the Provider and HELP ALL.
    • Preventing activities that destroy or usurp the Provider’s user account or impersonate the Provider.
    • Organizing trade promotion and introduction, market research, public opinion surveys, and brokerage services.
    • Researching and developing new services and providing suitable products and services for the Provider.
    • HELP ALL may use the Provider’s information for marketing services and product advertising introductions.
    • Verifying the identity and ensuring the security of the Provider’s information.
    • Collecting and storing personal data from the Provider for record-keeping and complying with legal and tax obligations (if any), under statutory periods.
    • Performing other actions as required by law.

    2. HELP ALL shall not:

    • Process, store, use, or disclose personal data unless necessary to fulfill obligations under the contract/agreement/transaction/association, or regulatory requirements.
    • Sell personal data to any third party.
    • Storage, use, or disclose personal data outside its direct business relationship with the Provider unless requested by the data subject or legally required.

    3. To clarify, the Provider’s instructions for processing personal data must align with the contract’s terms and adhere to all applicable Data Protection Regulations. The Provider is responsible for ensuring the accuracy, quality, and legality of the personal data, as well as for how the data was collected. If the Provider is not the data subject, the Provider acknowledges and agrees to the following:

    • The Provider has obtained explicit consent from the data subject (under Data Protection Regulations) for every data collecting sharing, and using activities as outlined in the contract/agreement/transaction/association.
    • The Provider has informed and obtained explicit consent from the data subject (as Data Protection Regulations) that personal data may be processed outside the subject’s country. If the Provider is the controller-cum-processor, the Provider must also ensure that its instructions and actions concerning personal data, including the designation of HELP ALL as an additional processor, have been authorized by the relevant data controller. HELP ALL shall not be required to follow any instructions from the Provider if those instructions violate Data Protection Regulations
    • Types of Protected Personal Data: The Personal Data protected by this Agreement includes information in the form of symbols, letters, numbers, images, sounds, or electronic equivalences associated with an individual or used to identify an individual. Personal data includes general personal data and sensitive personal data, such as name, address, phone number, date of birth, email address, occupation, health status, income, or any other specific personal data as prescribed by law that requires special protection.
    • Methods of Personal Data Protection: HELP ALL shall collect, analyze, evaluate, use, store, transfer, process, and provide Personal Data to relevant parties or relevant agencies and carry out other activities necessary to serve the purposes outlined in Clause 2 of this Article.
    • Parties involved in Personal Data Protection: The Controller agrees that, for the purposes outlined in Clause 2 of this Article, HELP ALL may disclose Personal Data to subsidiaries and/or affiliates to the extent necessary, provided that these subsidiaries and/or affiliates commit to fulfilling equivalent obligations stipulated in this Agreement.
    • Personal Data Protection Period: Personal Data protection will commence from the time HELP ALL obtains the information/personal data and the Controller’s consent to process it. HELP ALL will continue processing Personal Data for the duration of the contract’s validity and in accordance with law.

    4. Agreement of HELP ALL:

    HELP ALL agrees to maintain the confidentiality and protection of Personal Data as outlined in this Agreement and compliance with Vietnamese law and this agreement’s regulations. Should any disruptions, delays, disconnections, or malfunctions occur in Personal Data processing due to causes beyond HELP ALL’s reasonable control, HELP ALL will make every reasonable effort to secure and protect Personal Data as per Vietnamese legal standards and security requirements. In such incidents, HELP ALL will promptly notify the Provider, and the Provider agrees to waive liability for HELP ALL in such cases.


    In cases of detection of a violation against regulations on protection of personal data, HELP ALL shall notify the Provider as soon as possible upon detecting the violation. Additionally, the Personal Data Controller and the Controller-cum-Processor shall notify the Ministry of Public Security (Department of Cybersecurity and High-Tech Crime Prevention) within 72 hours after such violation is committed.

Article 3: Rights and Obligations of the Data Subject

a. Data Subject’s rights

  • 1. The data subject has the right to be informed of his/her personal data processing, unless otherwise provided for by law.
  • 2. The data subject has the right to access his/her personal data in order to look at, rectify or request rectification of his/her personal data, unless otherwise provided by law.
  • 3. The data subject has the right to withdraw consent, unless otherwise provided by law.
  • 4. The data subject has the right to delete or request deletion of his/her personal data according to Article 4 of this Agreement.
  • 5. The data subject has the right to request restrictions on the processing of personal data, unless otherwise provided by law. The Personal Data Controller and the Personal Data Controller-cum-Processor shall comply with the data subject’s request within 72 hours after receiving the request, unless otherwise provided for by law.
  • 6. The data subject has the right to request to provide him/her with his/her personal data, unless otherwise provided for by law.
  • 7. The data subject has the right to object to the processing of his/her personal data to prevent or restrict the disclosure of personal data or the use of personal data for advertising and marketing purposes, unless otherwise provided for by law. HELP ALL shall comply with the data subject’s request within 72 hours after receiving the request, unless otherwise provided for by law.
  • 8. The data subject has the right to file complaints, denunciations, lawsuits, and claim damage as prescribed by law.

b. Data subject’s obligations

  • 1. Protect his/her own personal data; request relevant organizations and individuals to protect his/her personal data.
  • 2. Respect and protect others’ personal data.
  • 3. Fully and accurately provide his/her personal data when he/she consents to the processing.
  • 4. Participate in the dissemination of personal data protection skills.
  • 5. Comply with regulations of law on the protection of personal data and prevent violations against regulations on the protection of personal data.
Article 4: Return and Deletion of Personal Data

a. Depending on the terms of the contract/agreement/transaction/association, the Provider may be granted the right to access or delete Personal Data. If the Provider does not request deletion, data will be deleted within thirty (30) days after the contract/agreement/transaction/association expires, or sooner as specified in the contract. If no deletion period is specified, HELP ALL will apply an internal policy timeframe. The Provider must ensure that any data they wish to retain is exported or that unnecessary data is deleted under legal requirements before the end of the contract/agreement/transaction/association.

b. The personal data shall not be deleted at the request of the Provider in the following cases:

  • 1. The deletion of personal data is prohibited by law.
  • 2. The personal data is processed by the competent state agency to serve operations by such agency as prescribed by law.
  • 3. The personal data has been disclosed as prescribed by law.
  • 4. The personal data is processed with a view to serving law, scientific research and statistics as prescribed by law.
  • 5. In the event of a state of emergency on national defense, security, social order and safety, major disasters, or dangerous epidemics; when there is a risk of threatening security and national defense but not to the extent of declaring a state of emergency; to prevent and combat riots and terrorism, to prevent and combat crimes and law violations according to regulations of law.
  • 6. It is required to respond to emergent cases that threaten the life and health or the safety of the data subject or other persons.

c. Return or deletion of Personal Data as requested by the Provider, or upon partial termination of the contract/agreement/transaction/association, shall be done where there is no negative effect on HELP ALL’ ability to provide remaining services under the agreement and shall comply with personal data protection laws and other relevant laws.

Article 5: Provider’s Declaration

a. The Provider voluntarily agrees and fully understands each clause of this Agreement.

b. If the Provider is a Personal Data Controller or Controller-cum-Processor, the Provider guarantees:

  • 1. The data subject has been fully informed and consents to all terms regarding personal data processing as per Article 2 before agreeing to data collection by the Provider, under this Agreement and data protection Regulations.
  • 2. A dossier on the assessment of the impact of personal data processing on personal data has been done.

c. The Provider guarantees and indemnifies HELP ALL against damages caused by the Controller’s non-compliance with this Agreement.

Article 6: General Terms

This Agreement is an integral part of the contract/agreement/transaction/association between the Provider and HELP ALL where it is referenced.

If HELP ALL provides personal data that it collects/holds to the Provider, the Provider commits to maintaining a level of personal data protection not lower than that guaranteed by HELP ALL in this Agreement.