1. General Provisions

1.1. This Privacy Policy (hereinafter – the “Privacy Policy”) is an official document of the Contractor and the operator (hereinafter – the “Operator”) of the website “hosthada.shop” and is the annex to the Agreement (hereinafter – the “Agreement”), which contains and defines the procedure for processing and protecting personal data (hereinafter – “Personal Data”) of individuals (hereinafter – the “Customers”) who are interested in purchasing or using the Information Services provided by the Contractor on the website “hosthada.shop” (hereinafter – the “Website”).

1.2. The relations connected with the collection, storage, dissemination and protection of information about the Customers of the Website are regulated by this Privacy Policy, other official documents of the Operator of the Website and the current legislation of the Vietnam, international data protection laws, in particular the Regulation 2016/679/EU of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”).

1.3. The Operator has implemented the following requirements under the GDPR, including but not limited to:

• prepared a record of Personal Data processing activities;
• verified Personal Data of the Customers and analyzed it;
• took organizational and technical Personal Data protection measures;
• informed the Customers about the GDPR;
• reviewed privacy notices;
• reviewed rights that the Customer has over their Personal Data (Data Subject Rights like the Right to be Forgotten and other rights);
• enabled the Customer’s Personal Data transfers;
• prepared for Data Breaches;
• created an internal privacy policy.

1.4. By sending messages through the contact forms, registering, ordering and paying for the Information Services using the means and the communication forms on the Website, the Customer agrees to the terms of this Privacy Policy.

1.5. The Operator of the Website does not verify the accuracy of the received information (the collected information) about the Customers, except for cases when such a check is necessary in order to fulfill the Operator’s obligations to the Customer.

2. Terms and purpose of Personal Data processing

2.1. The Operator of the Website performs processing of the Customer’s Personal Data in connection with the conclusion of the Agreement to which the Customer is a party. The use of the Customer’s Personal Data may be necessary to perform the contract that the Customer has with the Operator. For example, if the Customer uses the Operator’s Information services, the Operator will use the Customer’s information to carry out the Operator’s obligation to complete and administer that Information Service under the Agreement that the Operator has with the Customer.

2.2. The Customer is free to decide whether or not to share certain Personal Data (if any) with the Operator. However, if the Customer decides not to provide certain Personal Data; or if the Customer withdraws their consent thereto at a latter moment, this may have affect how the Customer experience the Operator’s services and, in some cases, whether the Operator can provide these services to the Customer.

2.3. The Operator may rely on the Customer’s consent to use the Customer’s Personal Data for certain direct marketing purposes. Whenever the Operator relies on the Customer’s consent for processing the Customer’s Personal Data, the Customer is free to withdraw their consent at any time.

2.4. The Customer is entitled to withdraw their consent to the processing the Customer’s Personal Data at any time by giving notice to the Operator. Upon receipt of a notice where the Customer’s consent is withdrawn, the Operator will without undue delay stop processing the Customer’s Personal Data to the extent it is required under law. Please use the contact information at the bottom of the page should you wish to withdraw your consent given under this Privacy Policy.

2.5. The Customer’s Personal Data is not distributed or disclosed to third parties without the Customer’s consent and used by the Operator solely to conclude the Agreement with the Customer and fulfill the obligations under this Agreement.

2.6. The purposes of Personal Data processing include:

• receipt by the Customer of documents and materials, other information about the Operator’s Information Services, in connection with the fulfilment the Operator’s obligations under the Agreement;
• processing of orders, rendering of the Information Services to the Customer and provision of consulting and technical support to the Customer;
• verification of Personal Data required for the conclusion and performance of the Agreement;
• risk management, detection, prevention and/or offsetting of fraud or other potentially prohibited or illegal activities, investigating and processing suspected violations of the Operator’s acceptable use policy;
• communication with the Customer via the telephone by using a voice call or through text (SMS) or e-mail messaging or Live Chat on the Website in connection with the performance of the obligations under the Agreement. This includes communicating with the Customer to provide information about services of the Operator, to provide information about offers, orders, provision of services, order status and payment, to provide support and maintenance services, to handle complaints, and to answer questions from the (potential) Customers;
• performing financial processes, including calculating, invoicing and collecting of service charges, processing financial transactions regarding the acceptance of orders, and granting debt collection rights to third parties;
• improving the quality of services by means of conducting market research, conducting retention and customer satisfaction surveys, conducting marketing activities (including through email newsletters and social media and onsite/offsite and online/offline advertisement), conducting sales activities including analyzing the Customer’s data and the Customer’s use of the Website’s services for making (personalized) offers and quotes with the aim of entering into the Customer’s relationship, and/or maintaining, renewing or expanding the Customer’s relationship with the Operator;
• conducting legal processes, including conducting legal proceedings, and collecting evidence for civil legal proceedings relating to the Customer;
• complying with statutory obligations, including provision of data to authorized authorities in the context of criminal investigations, complying with (applicable) data retention obligations, and the provision to third parties of Data concerning customers in connection with an infringement of these third parties’ rights;
• establishing the identity of the Customer or third parties, in relation to the provision of access to the Operator’s Information services.

3. Procedure for the implementation and changes of the Privacy Policy

3.1. The Privacy Policy takes effect from the moment of its posting on the Website and is valid indefinitely, until its replacement with a new Privacy Policy.

3.2. The current edition of the Privacy Policy is a public document available to any Internet user.

3.3. The Operator of the Website has the right to make changes to this Privacy Policy. When changes are made the Operator notifies the Customers by posting a new edition of the Privacy Policy on the Website. The previous edition of the Privacy Policy become no longer valid. The Operator advises you to check this page regularly to see if any changes have been implemented. If the Operator implements a change in how the Operator deals with Personal Data with respect to which the Operator requires your consent, the Operator will re-request the Customer consent.

3.4. The Operator advises you to check this page regularly to see if any changes have been implemented. If the Operator implements a change in how the Operator deals with Personal Data with respect to which the Operator requires the Customer’s consent, the Operator will re-request the Customer consent.

4. The scope of Personal Data

4.1. Personal Data is provided by the Customer voluntarily, meaning the Customer’s consent to the Personal Data processing. The Personal Data includes:

4.1.1. the minimum Customer’s Personal Data required for communication: surname, name, patronymic, address, telephone number, e-mail address, and other similar information.

4.1.2. other Personal Data (including gender, age, date of birth, address, etc.) is provided by the Customer at will and if necessary at the Operator’s request for communication with the Customer and the implementation of actions related to the performance of the Operator’s obligations to the Customer.

4.1.3. the Customer’s account information with the Website – such as the Operator’s Information services the Customer ordered, domain name registration information, the IP addresses assigned to the Customer, the Customer’s IDs, service charges owed and received, the use of the Operator’s Information services or any other information related to the Customer’s account.

4.1.4. the Customer’s contact with the Operator – such as a note or recording of a call the Customer makes to the Operator, a chat record when the Customer engages in a chat session with the Operator, an email or letter the Customer sends to the Operator or other records of any contact the Customer has with the Operator.

4.1.5. information about the Customer’s payment method, such as credit card number, bank account number, online payment processor’s data or other payment information.

4.1.6. information provided by the Customer to the Operator when the Customer notifies the Operator of a (suspected) breach of the Operator’s acceptable use policies.

4.1.7. documents and information that certify the Customer’s identity.

4.2. Other information about the Customers processed by the Operator of the Website.

The Operator of the Website also processes other information about the Customers, which includes:

4.2.1. standard data automatically received by the server when the Customer accessing the Website and subsequent actions of the Customer. This includes data such as, the website features the Customer uses, the services the Customer purchases from the Website, the web pages the Customer visits, the time the Customer spends on these pages, and the search terms the Customer enters. This also includes data about the Customer’s devices, including IP addresses, devices identifiers, regional and language settings, and data about the networks, operating systems, browsers or other software the Customer uses to connect to the Website.

4.2.2. data automatically obtained by means of cookies when the Customer accesses the Website. Cookies is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. Cookies help the Operator to provide the Customer with a good browsing experience and also allow the Operator to improve its Website.

You can view and manage your cookies through the privacy and security settings in your browser (and/or web developer tool of your browser) or manage this through browser add-ons or extensions. Moreover, you can block the cookie settings by using an ad-blocker in your browser. Please note that if you do refuse the use of cookies by any of these means, you may not be able to use the full functionality of the Operator’s Website.

More specifically, the Operator’s Website uses cookies for the following purposes:

• Essential Cookies. Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
• Performance cookies. The Website also places cookies on your device to make navigating the Website easier. These cookies are used to allow the website to remember choices you made and provide for enhanced, more personal features. For instance, these cookies can be used to remember the status of your shopping cart, or to allow you to return to a previous page or it stores your preferred language or the region that you are in.
• Web Analytics Cookies. The Website uses web analytics services i.e. Google Analytics. These tools place cookies on your device to help distinguish between different visitors and to analyze what the user did during his visit on the website. The cookies placed on your device by these tools are used to collect certain information, such as the date and time that a user visits the Website, the number of times a user has visited the Website and the website that has directed the user to the Website. More information on the use of cookies can be found on their websites.
• Marketing Cookies. The Operator uses advertising services from search engines (i.e. Google, Bing), ad networks (i.e. Google) and social media (Facebook, Twitter, LinkedIn), which can place cookies on your device to serve ads based on your prior visits to the Website. More information on the use of cookies by these services can be found on their respective websites. The Operator also uses marketing automation services (i.e. OneSignal).
• Social Media Cookies. Social media can place cookies through the Website to integrate social media (i.e. LinkedIn, Twitter, Google+ and Facebook). You agree to place these cookies on your device by clicking on the social media buttons to activate them. These social media have their own privacy and cookie policies, which Operator does not control. Please check the social media websites for more information about their cookies and how to manage them.

4.2.3. data obtained as a result of actions of the Customer on the Website.

4.2.4. data obtained as a result of actions of other users on the Website.

4.2.5. data which is required to identify the Customer to access the services of the Website.

5. Processing of the Customers’ information

5.1. The processing of Personal Data is based on the following principles:

• Lawfulness, fairness and transparency – the Operator will process Personal Data lawfully, fairly and in a transparent manner in relation to the data subject.
• Purpose limitation – the Operator will only collect Personal Data for a specific, explicit and legitimate purpose. The Operator will clearly state what this purpose is, and only will collect data for as long as necessary to complete that purpose.
• Data minimisation – the Operator will ensure that personal data which will be processed will be adequate, relevant and limited to what is necessary in relation to the processing purpose.
• Accuracy – the Operator will take every reasonable step to update or remove data that is inaccurate or incomplete. The Customers have the right to request that the Operator erase or rectify erroneous data that relates to them.
• Storage limitation – the Operator will delete Personal Data when it is no longer needed.
• Integrity and confidentiality – the Operator will keep Personal Data safe and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

5.2. Collection of Personal Data.

5.2.1.The Operator may collect your Personal Data when:

• you browse or use the Website;
• you order Information Services on the Website;
• you enter a promotional codes on the Website;
• you participate in the Operator’s survey;
• you subscribe to the Website’s newsletter;
• you subscribe to the Website’s push messages;
• you ask the Operator for more information about a service, or contact the Operator with a question, comment or complaint;
• you submit an abuse notification to the Operator;
• you use the Operator’s network and equipment, the Operator’s infrastructure and/or other Operator’s services.

5.2.2. The Customer’s Personal Data is collected on the Website upon the Customer enters data on its own initiative at the time of communicating with the Operator or the Website.

5.2.3. The Customer provides their last name, first name, patronymic, e-mail address and phone number for feedback.

5.2.4. Other personal information is provided by the Customer on its own initiative or the request of the Operator by means of the relevant sections and resources of the Website, for example, for ordering, and required only for the conclusion and performance of the Agreement by the Operator to which the Customer is a party.

5.3. Transfer of Personal Data

5.3.1. Personal Data of the Customers is not transferred to any person, except in the cases specifically provided by this Privacy Policy.

5.3.2. The Operator may share Data about the Customer with:

• partners or agents involved in delivering the Information services the Customer has ordered with the Operator;
• fraud prevention agencies and services;
• domain name registries when the Operator registers a domain name on the Customer’s behalf;
• debt collection agencies or other debt recovery organisations;
• law enforcement agencies, regulatory organisations, courts or other public authorities to the extent required by law;
• the Operator’s customer, if you notify the Operator that this customer use of the Operator’s services violates the applicable law;
• a third party that has claimed that use of the Operator’s services by the Customer violates the applicable law (to the extent such sharing is required by law).

5.3.3. Applications used by the Customers on the Website are maintained by third parties (developers) who operate independently of the Operator and do not act on behalf of or at the request of the Operator. Customers are required to familiarize themselves with the rules for the provision of Information services and the policy of protecting Personal Data of such third parties (developers) prior to the use of the relevant applications.

5.4. Retention and destruction of Personal Data

5.4.1. Personal information of the Customers is stored solely on electronic media and is processed by the use of automated systems except where the manual processing of the Customers’ Personal Data is required in order to comply with the requirements of the legislation.

5.4.2. The Operator will store the Customer’s Personal Data as long as necessary to perform the purposes of processing as stated in this Privacy Policy; unless otherwise required by law. Therefore, the exact retention period of your Personal Data may vary on case-by-case basis.

5.4.3. The Operator is obligated to produce taxation reporting and keep financial records for a period of time therefore the Operator needs to keep Customer’s Personal Data such as contact details, order history, invoices and other other important information connected with the Customer’s orders, if any. The minimum required list of the Customer’s Personal Data that the Operator is legally obliged to store will include at least:

• Customer’s first name and last name;
• Customer’s Email;
• Customer’s invoice mailing address;
• The content of the invoice’s.

5.4.4. Upon termination of the applicable purpose of the processing of Personal Data, or upon Customer’s written request, the Operator will either destroy the Customers Personal Data unless otherwise required by law. The request must contain identification data which expressly indicates the Customer’s ownership of Personal Data.

6. The Operator’s role as data processor.

6.1. Personal Data hosted, transmitted or processed on infrastructure controlled by the Customer is governed by this paragraph. The Customer of the Operator that has ordered the Operator’s Information services, will be responsible for determining the purposes and means of the processing of Personal Data, and this Operator’s Customer (or its customers) will be the data controller in regards to such processing. If at any time the Operator has access to personal data stored on infrastructure controlled by the Customer, then the Operator shall be a data processor, and any actions performed by the Operator in relation to such data shall be solely governed by the agreement concluded between the Operator and the Customer.

7. Measures to protect Personal Data.

7.1. The Operator takes technical, organizational and legal measures in order to protect Personal Data of the Customer against unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as other illegal actions.

7.2. In accordance with international data protection laws, in particular the GDPR, the Operator observe adequate procedures to prevent unauthorized access to, and the misuse of, Personal Data. The Operator uses appropriate business systems and procedures to protect and safeguard the Customer’s Personal Data. The Operator also uses security procedures and technical and physical restrictions for accessing and using the Customer’s Personal Data.

8. Customer’s rights regarding Personal Data

8.1. In accordance with data protection laws, you have a number of rights regarding your Personal Data and the processing thereof:

• to view and, if necessary, change Personal Data in the Client area at any time;
• to know what information the Operator has collected about the Customer;
• to make changes to the Personal Data the Customer has seen the Customer cannot change in the Client area;
• to obtain from the Operator the erasure of the Customer’s Personal Data (right to be forgotten);
• in addition, the Customer, under certain circumstances, has the right to restriction of the processing of their Personal Data;
• to object, on grounds relating to a particular situation, at any time to processing of Personal Data;
• to receive Personal Data, which the Customer has provided to the Operator, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller when the processing is based on the Customer’s consent or is necessary for the performance of a contract;
• to lodge a complaint with the competent supervisory authority.

9. Limitations of the Privacy Policy

9.1.This Privacy Policy does not apply to actions and Internet resources of third parties.

9.2. The Operator is not responsible for the actions of third parties who get access to information about the Customer and the consequences of using of this information, which, due to the nature of the Website is available to any Internet user as a result of using the Internet or the services of the Website.

9.3. The Operator recommends that Customers take a responsible approach to deciding how much information about themselves will be transmitted through the Website the Operator.