PRIVACY POLICY

Contents

1. Introduction

The Bestarion Software Joint Stock Company (“We”, “Company”, “Our”) concerns about privacy / security regarding the information you provide to the Company. This privacy policy describes how we collect, use, process, and transfer your data, as well as your rights related to personal data.

We need your consent and permission to collect, process, and store your data for the purpose of providing services to you as described in this Privacy Policy.

This policy also applies to any personal information provided to Bestarion by an individual or third parties with the legal right to provide information. Bestarion may use personal data and other information provided for the purposes outlined in this policy or notified at the time of collection.

In this policy, the following terms are used:

  • “Personal information” or “Personal data” means any information related to identifying or capable of
    identifying an individual
  • “Identifying an individual” means a person who can be directly or indirectly identified, specifically by
    reference to an identity card number or one or more other factors
  • “Data subject” means the owner of personal information that can be used to identify or identify them
  • “User” “You” (and other similar terms) refer to Bestarion’s customers, individuals related to Bestarion’s
    customers, contacts, suppliers, candidates, employees, and visitors to the Bestarion website

2. General Principles

Bestarion ensures that all personal data is processed according to the following principles:

  • Legality, fairness, and transparency: Data is processed in a legal, fair, and transparent manner with the data subject.
  • Purpose limitation: Information must be collected or generated for specific, clear, legal purposes, and the processing method must comply with the purposes in this policy.
  • Data minimization: Personal data is collected fully, relevantly, and limited to the necessary information for Bestarion’s purposes.
  • Accuracy: Personal data is stored accurately and updated reasonably.
  • Storage limitation: The storage time of information is appropriate for Bestarion’s purposes, except as
    required by law.
  • Integrity and security: Personal data must be stored securely, avoiding any unauthorized, accidental, or intentional access or use that may cause loss or destruction of information.

3. What Information Does Bestarion Collect?

Bestarion aims to be transparent in the processing your personal information. We may collect the following information from you:
Note: If you provide personal data of any third party to us, you represent and warrant that you have obtained the necessary consent, licenses, and permissions from that third party to share and transfer their personal data to us and for us to collect, store, use, disclose, and / or process that data in accordance with this Policy. You must provide us with legally valid documentation proving that you have obtained consent and permission.

3.1. For All Users / Organizations Using Bestarion Website

Bestarion aims to be transparent about the reasons and methods for processing user’s personal information.

  • For all visitors to the Bestarion website, Bestarion may collect, use, store, and transfer various types of personal data that Bestarion has compiled, including:
    • Identity data: Including name, surname, username, or similar identifier, title, and gender.
    • Contact data: Including address, email address, and phone number.
    • Technical data: Including internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the user’s device used to access this website. This type of technical data may disclose some personal information through the use of cookies, server logs, and similar technologies. Please refer to the Bestarion Cookie Policy for more details.
    • Profile data: Including username, preferences, favorites, and feedback.
    • Usage data: Including information about how the user uses the Bestarion website, products, and services. When users use the Bestarion website, it may automatically collect data about the device, and browsing actions…
    • Communication data: Including data that users send to us through the Bestarion website, email, or online chat.”
  • Third-party websites: The Bestarion website may include links to third-party websites, plug-ins, and
    applications. Clicking on these links may allow third parties to collect or share your data. Bestarion does not control these websites and is not responsible for the privacy terms of third parties. When leaving Bestarion website (https://bestarion.com/), Bestarion encourages you should read the privacy notices when accessing other websites.

3.2. For Employees, Contractors And Applicants

  • Data subjects in this section include Applicants, Interns, Personal Partners, Partner Company Employees, and Experts,..
  • Bestarion will collect the following information within the scope appropriate for the purpose of providing services to you, depending on:
    • The information you provide.
    • The information from the feedback of the Applicant (i) through advertisements posted by Bestarion on job boards, online CVs through social networks; (ii) information that the Applicant shares on online recruitment pages that Bestarion is searching for; or (iii) any other means of communication.

3.2.1. Basic Personal Data 

  • Last name, middle name and birth name, other name (if any)
  • Date of birth
  • Sex
  • Residence information (including permanent residence, temporary residence, current residence,
    hometown, contact address)
  • Nationality
  • Pictures of individuals
  • Phone number, identity card number, personal identification number, passport number
  • Marital status
  • Information about family relationships (parents, children)
  • Email address
  • Information on study and work history (including references)
  • Payment information, such as bank account numbers, credit card numbers, and any other payment details.
  • Any other data and information that you actively provide to us in the process of using the service.

3.2.2. Some Sensitive Personal Data

  • Your voice through recorded calls (if available).
  • Information about health status in medical examination report documents, information in criminal record reports provided by you (if any).
  • Information about your income (if any).
  • Information about your ethnicity, religion, and political parties (if any).

3.3. For Customers, Suppliers and Partners

In case that you are a customer, Bestarion may collect additional information from you, including:

  • Company Information including Identity Information, Tax ID number, trade name, address, products and services (if any).
  • Payment information, such as bank account numbers, credit card numbers, and any other payment details.
  • Any comments or feedback shared about Bestarion products / services.
  • Details of any query related to Bestarion products / services.
  • Any communication that is sent by customers to Bestarion.
  • Necessary information, requests, data are provided so that Bestarion can perform the service according to the agreement.

4. How Does Bestarion Use Your Data?

Bestarion will only use personal data for purposes thoroughly comply with the Applicable Law. Normally, Bestarion will use personal data in the following cases:

  • Contract performance: Cases necessary to perform a business cooperation contract between Bestarion and you.
  • Legitimate interest: Where necessary for Bestarion’s legitimate interest in the operation of a business as long as it does not exceed and affect your interests
    • Examples of “legitimate interests” mentioned above are:
      ✔ Provide information and / or services to individuals who visit our website
      ✔ Provide information about job opportunities
      ✔ Prevent fraud or illegal activity and to protect our IT systems
      ✔ Conduct and analyze our marketing activities
      ✔ Meet corporate and social responsibility obligations
  • Legal obligations: Where to comply with legal requirements as well as make necessary disclosures as required by law, regulation, direction, court order or regulations applicable to Bestarion.
  • Your consent: When you actively provide information to Bestarion, we understand that you allow us to collect and use the information you provide according to this policy without requiring any additional consent. In some other cases, we will ask you to allow specific rights to process some of your personal information. We will only process your personal information in this way if you agree. Note that Bestarion may use personal data for one or more purposes. You have the right to withdraw your permission / consent by contacting Bestarion via the email: dataprivacy@bestarion.com

4.1. For All Users / Organizations Using Bestarion Website

Bestarion may use user’s personal data in the cases outlined below:

  • Maintain records of all candidates, consultants, clients, business partners, vendors, suppliers, and
    employees of suppliers or third parties
  • Implement procedures to manage customer relationships and leads
  • Carry out marketing, profiling and business development activities as well as market research, statistical analysis and customer surveys on Bestarion’s services
  • Implement procedures to serve recruitment activities based on user’s application information
  • Comply with any legal requirements and make necessary disclosures as required by law, regulation,
    direction, court order or regulations applicable to Bestarion

4.2. For Employees, Contractors And Applicants

  • Confirm your identity, accuracy of data, information about you that the Company collects
  • To comply with a court order or other legal process or other legal and / or regulatory requirements of any other government and / or regulatory authority
  • Maintain records of all candidates, consultants, business partners, vendors, employees and employees of suppliers or third parties
  • Conduct research / analysis of Company HR data
  • Contacting you to submit information, process and respond to your queries, feedback, complaints or disputes.
  • Exercise your rights and obligations towards the Company in accordance with the applicable Law.
  • Manage, monitor and control your entire working process at the Company.
  • Personnel training and supervision to ensure and improve your working capacity during your working time at the Company.
  • Communicating and promoting the Company’s brand.
  • Join cooperation with 3rd parties to provide benefits packages for you.
  • Performing recruitment activities: In this case, Bestarion may collect and process personal data for the purpose of:
    • Assess whether the candidate is suitable for a specific position.
    • Identify the candidate’s information suitable for the vacancy of Bestarion.
  • Comply with any legal requirements and make necessary disclosures as required by law, regulation,
    direction, court order or regulations applicable to Bestarion.
  • Any of the purposes described to you at the time of collection of your personal data.

4.3. For Customers, Suppliers and Partner

  • Implementation of a business cooperation contract between Bestarion and you.
  • Implement procedures to manage customer relationships and leads.
  • Implement procedures to manage suppliers and partner companies.
  • Carry out marketing and business development activities as well as market research, statistical analysis and customer surveys on Bestarion’s services.
  • Update information about changes related to Bestarion’s policies / services with you.
  • Comply with any legal requirements and make necessary disclosures as required by law, regulation,
    direction, court order or regulations applicable to Bestarion.

5. Personal Data Disclosure

Bestarion may be required to share users’ personal data with the following legal parties for the purposes
outlined in this privacy policy:

  • Third-party service providers: Bestarion shares personal data with third-party service providers who
    support Bestarion in providing services. These individuals and organizations will process personal data shared by us. When a third party acts on our behalf and in applicable cases, we will use reasonable commercial efforts to require that party to comply with the provisions of this Privacy Policy or have additional security measures to protect your information. We do not share your information with third parties unrelated unless such sharing is permitted in this Privacy Policy. These providers include, but are not limited to:
    • Information Technology (IT) service providers, cloud storage service providers, data analytics services, Generative AI Tools
    • Provider assistance with payment, insurance, health check
    • Event Partner for Bestarion
    • External consultants and professional advisors
  • Outsourcing services: When Bestarion is using personal data in the context of recruitment and providing outsourcing services, Bestarion may share personal data with clients or Bestarion believes that candidates may be suitable for specific roles or positions that the client is seeking, with the consent of the candidate / employee.
  • Parent company / subsidiary companies: Personal data may be provided to Bestarion subsidiaries or affiliated companies to process personal data on behalf of Bestarion in providing products / services. These parties are required to process personal data based on Bestarion’s instructions and in compliance with this privacy policy and they do not have independent rights to share that data. We may also disclose and transfer such information to a third-party group, the purchaser of all or a substantial portion of the company’s business (if any).
  • Compliance with laws and legal proceedings: Bestarion is responsible to court orders, legal processes, when establishing / enforcing Bestarion’s legal rights, or when defending against legal claims. Bestarion believes it is necessary to share data to investigate, prevent, or take action against illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Bestarion’s terms of use, or other legal requirements.

6. International Transfers

  • Your data will be stored and processed as a whole or in part in Vietnam. If you access the Bestarion
    website from a location outside of Vietnam, your use of the website is understood to mean that you agree to transfer your data outside of that country / territory and send it to Vietnam.
  • Your information and / or personal data may be transferred abroad, stored or processed outside of your country for one or more purposes. Bestarion will only transfer your personal data outside of Vietnam when it complies with the regulations of the law on personal data protection.
  • Bestarion will have the right to disclose your personal data to any third party and / or transfer it internally or externally outside of Vietnam, for the purposes listed in this policy when it has received your prior consent.
  • To ensure that personal data is stored and transferred securely, Bestarion will only transfer data to third parties when they comply with data protection laws and have secure means of transferring data.

7. Data Security

  • Bestarion has put in place appropriate security measures to prevent personal data from being lost, illegally used or accessed, altered or disclosed.
  • In addition, Bestarion also limits access to personal data to employees, contractors and other third parties whose work involves personal data. you can only process personal data when you agree to agreements with Bestarion, including responsibility for information security.
  • Bestarion has also put in place procedures to deal with suspected exposure / leakage of personal data, notifying you and relevant parties as required by law
  • Always remember that any time you voluntarily disclose and make your personal information public on the internet, that information may be collected and used by others for purposes beyond your control and ours.
  • Apart from the website administrator of Bestarion or other authorized individuals of Bestarion website, you are the only one who can access your personal information. Your registration is protected by a password to prevent unauthorized access.
  • Lastly, you are responsible for keeping your password and / or any account information confidential.
    Therefore, please be cautious and responsible for your activities on the internet. We recommend that you do not disclose your password to anyone.
  • No data transmitted over the internet can be guaranteed 100% secure. Therefore, while we make every effort to protect your personal information in accordance with legal requirements by implementing all necessary technical and legal measures, we cannot guarantee or warrant the security of any information transmitted to us and you do so at your own risk. As soon as we receive the information you send, we will take necessary measures to ensure security on our system.

8. Data Retention

Bestarion holds information necessary to comply with legal obligations, resolve disputes or enforce
agreements.

  • Bestarion may store your personal data permanently until you request it to be deleted.
  • Supplier data, reviews and feedback, transaction information will not be deleted from Bestarion’s system.
  • We also reserve the right to permanently store processed data such as encrypted data, statistical data, data in the big data system and other data that cannot be identified.

9. Children’s Privacy

  • Bestarion understands that protecting children’s privacy is especially important, so we collect and process data on the principle of protecting children’s rights and in the best interests of children.
  • Bestarion may collect and process data of children under the age of 16 in certain specific cases with the consent and consent of a parent or guardian, without requiring any additional consent.
  • To request the cessation of processing, deletion or destruction of a child’s personal data, a parent or
    guardian should contact Bestarion at dataprivacy@bestarion.com.

10. Understand Your Personal Rights

  • Under certain circumstances, you have the following rights:
    • Request access to personal data (referred to as a “data subject access request”): This allows you to receive a copy of the personal data that Bestarion holds about you and to check that Bestarion is processing them lawfully.
    • Request correction of personal data: This allows you to correct any incomplete or incorrect data your Bestarion holds
    • Request deletion of personal data: You have the right to request Bestarion to delete or remove your personal data when Bestarion has no legitimate reason to continue using them
      You also have the right to request Bestarion to delete or remove your personal data when you have the right to object to the use (see below), when Bestarion may have used your information incorrectly, or when Bestarion is required to delete personal data to comply with the law
      However, Bestarion may not always comply with these requests for legal and business reasons, and specific information will be provided to you (if applicable) when the request is received.
    • Oppose the use of personal data: When Bestarion relies on its legitimate interests (or the rights of a third party). However, the data subject feels that these activities affect their basic rights and freedoms. You also have the right to object when Bestarion uses personal data for direct marketing purposes. However, in some cases, Bestarion also has a legal basis for processing information outside of agreements with you.
    • Request to restrict the processing of personal data: This allows you to request Bestarion to temporarily stop using your personal data in the following cases:
      ✔ If you want Bestarion to establish the accuracy of the data
      ✔ If the data is being used incorrectly but you do not want it to be deleted
      ✔ If you need to retain the data even when Bestarion no longer requires it because you need to establish, exercise, or defend legal claims
      ✔ If you have objected to the use of your data by Bestarion, but Bestarion needs to verify whether it has a legitimate basis to use that data or not
    • Request to transfer personal data to you or a third party: Bestarion will provide you or a third party with your personal data in a structured, commonly used, and machine-readable format. Please note that this right only applies to automated information that you originally agreed for Bestarion to use or when Bestarion has used the information to perform a contract with you.
    • Withdraw consent at any time: When Bestarion relies on your consent to use your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. In this case, Bestarion may not be able to provide certain products or services to you. Bestarion will advise you at the time you withdraw your consent.
  • No fee required: You will not have to pay a fee to access personal data (or exercise any other rights).
    However, Bestarion may charge a reasonable fee if your request is unfounded, repetitive, or excessive. Additionally, Bestarion may refuse to comply with the request in these cases.
  • Bestarion may need something from you: Bestarion may request specific information from you to verify your identity and ensure your right to access personal data (or exercise any other rights). This is a security measure to ensure that personal data is not disclosed to anyone who is not authorized to access it. Bestarion may also contact you to request additional information related to your request to speed up the response time

Response time limit: Bestarion always tries to respond to all legitimate requests within 72 hours of
receiving the data subject’s request. Typically, your request will be processed within 1 month after
Bestarion performs the necessary verification activities to determine that you are the data subject.
Occasionally, requests may take longer to process. In this case, Bestarion will notify you of the specific time.

11. Changes to Our Privacy Policy

  • This privacy policy was last updated on August 25, 2023
  • Bestarion has the right to change or update its privacy policy at any time. If Bestarion makes changes to important content related to the processing of your personal data, Bestarion will notify you on the Bestarion website or in a public post; or by sending a notice to you via email; or by publishing on the Bestarion website; or by other means appropriate to the current law
  • You can check the last updated date of this privacy policy to see when it was last updated
  • Please review this privacy policy periodically to understand how Bestarion protects your privacy

12. Contact US

If you have any questions about this Privacy Policy or if you have any other questions regarding how we
manage, protect and / or process your personal data, please contact us. Contact us via email at
dataprivacy@bestarion.com or contact us directly at Bestarion headquarters:

  • Company name: BESTARION SOFTWARE JOINT STOCK COMPANY
  • Office Address: 3rd Floor, QTSC Building, 14th Street, Quang Trung Software City, Tan Chanh Hiep Ward, District 12, Ho Chi Minh City, Vietnam