Đóng

      Search suggestions

      ACBACB

      PERSONAL DATA PROTECTION POLICY

      ACB’s commitment to compliance with Decree No. 13/2023/NĐ-CPand the Law on Personal Data Protection No. 91/2025/QH15

      Preamble
       
      Asia Commercial Joint Stock Bank (hereinafter referred to as “ACB”, “the Bank”, or “We/Us/Our”) is committed to respecting and striving to safeguard the confidentiality and the rights of Data Subjects with respect to their Personal Data. In the course of processing the Personal Data of Data Subjects, we shall implement and comply with the provisions set forth in the Personal Data Protection Policy for Data Subjects (hereinafter referred to as the “Personal Data Protection Policy”). 

      1. DEFINITIONS & INTERPRETATIONS
      a.  “ACB” or “the Bank” or “We/Us/Our”: refers to Asia Commercial Joint Stock Bank.
      b. “Policy”: shall form an integral part of, and be read and construed consistently with, any contracts, agreements, terms, conditions, and other instruments executed between the Personal Data Subject and ACB.
      c. “Laws and Regulations”: means all legislative instruments of the Socialist Republic of Vietnam, including official letters, directives, decisions, and guidelines issued by competent authorities governing ACB’s operations and its relationship with Data Subjects.
      d. “Personal Data”: refers to any digital data or other information that identifies or can identify a specific individual, including basic personal data and sensitive personal data. Personal data that has been anonymized shall no longer be considered personal data. The categories of basic and sensitive personal data are specified in Section 5 of this Personal data protection policy.
      e. “Basic Personal Data”: refers to personal data reflecting common identity elements, frequently used in transactions and social relations, as prescribed by the Government.
      f. “Sensitive Personal Data”: refers to personal data associated with an individual’s privacy, the infringement of which may directly affect the lawful rights and interests of agencies, organizations, or individuals, as prescribed by the Government.
      g. “Data Subject”: means the individual to whom the personal data relates, including but not limited to all individual clients using ACB’s products and services, ACB employees, shareholders, job applicants, interns, sales collaborators, newly recruited or official employees, outsourced staff (staff having staff code but engaged for certain tasks through a service providers), and other individuals having legal, employment, or service relationships with ACB under legal regulations on Corporate Governance, labor relations and commissioning, including individual clients, corporate clients, financial institutional clients, agents, partners, or any other individuals arising from contractual or legal relations with ACB.
      h. “Third Party”: refers to any individual or organization other than ACB that has a legal relationship with ACB through contracts, agreements, or other commitments.
      i. “Processing of Personal Data”: means any operation or operations performed on personal data, such as collection, analysis, aggregation, encryption, decryption, modification, deletion, destruction, anonymization, provision, disclosure, transfer, and other activities impacting personal data.

      2. PURPOSE AND SCOPE OF APPLICATION
      a. This Policy aims to provide transparent information to Data Subjects regarding all matters related to the processing of personal data by ACB.
      b. This Policy addresses:
          (i) Details of the types of personal data collected from Data Subjects;
          (ii) How We process personal data;
          (iii) The purposes for which We process personal data of Data Subjects;
          (iv) Information on other organizations or individuals involved in personal data processing;
          (v) The retention period of personal data;
          (vi) Rights and obligations of Data Subjects;
          (vii) Potential risks associated with personal data processing;
          (viii) How Data Subjects may contact Us.

      3. OUR STATEMENTS AND ASSURANCES
      a. Protecting the personal data of Data Subjects is of paramount importance to Us. Accordingly, We apply the highest level of diligence and responsibility in implementing data protection measures, regularly reviewing and updating them to safeguard the rights of Data Subjects.
      b. ACB is committed to processing personal data securely and in full compliance with Laws and Regulations governing the protection of personal data of Data Subjects
      c. ACB adopts effective institutional, technical, and human resource measures to ensure personal data protection.
      d. ACB only processes personal data of Data Subjects within the extent regulated by Laws and Regulations, in this Policy, and any contract(s) or agreement(s) executed with Data Subjects.
      e. ACB proactively prevents, detects, addresses and handles any violations of personal data protection laws
      f. ACB continuously enhances technical security measures to prevent unauthorized access, reading, use, alteration, disclosure, destruction, or other unlawful processing of personal data. We also regularly review and update management and technical safeguards when processing personal data of Data Subjects.
      g. ACB publishes this Policy and relevant regulations on personal data protection to all employees. Any employee found in violation of these regulations shall be subject to disciplinary action in accordance with ACB’s internal rules and Laws and Regulations.

      4.  GENERAL PROVISIONS
      a. This Personal data protection policy forms part of the Terms and Conditions/Contracts and governs the relationship between the Data Subject and ACB. The Data Subject shall read and construe this Policy as part of such Terms and Conditions/Contracts. By registering for, using our products and services, entering into contracts with us, and/or permitting us to use or process their personal data, the Data Subject accepts the provisions set forth herein.
      b. By providing personal data of any Third Party (including but not limited to spouse, parents, children, siblings, grandparents, aunts, uncles, friends, beneficiaries, legal heirs, managers, authorized persons, partners, guarantors, dependents, contacts, and/or other individuals) to us, the Data Subject represents and warrants that they have obtained proper authorization/consent from such Third Party for the processing of their data in accordance with Laws and Regulations.
      c. In cases where a legal entity or organization (hereinafter referred to as the “Data Provider”) provides personal data to Us (including but not limited to data of representatives, chief accountants, owners, shareholders, employees, or other individuals), the Data Provider represents and warrants to Us that: (i) The Data Provider has informed such individuals that their personal data will be shared and processed by ACB; and (ii) The Data Provider has obtained valid consent from such individuals for the sharing and processing of their personal data. For the purposes of ACB’s personal data processing, We may collect and process data of Data Subjects who are minors, persons lacking or with limited civil capacity, or persons with cognitive or behavioral difficulties. Accordingly, the collection, storage, processing, and use of personal data of such individuals shall only be carried out upon obtaining valid consent from their legal representative, unless otherwise provided by law. For minors aged seven (07) years or older, ACB shall only process personal data for disclosure of private life upon obtaining consent from both the minor and their legal guardian. We shall cease processing such personal data if consent is withdrawn by the legal guardian and/or the minor, or upon request by competent authorities.
      d. Subject to Laws and Regulations and within the scope of our services, We may only provide our services and utilities upon the Data Subject’s full and unconditional consent to this Personal Data Protection Policy and ACB’s data processing rules. Therefore, any form of consent (whether through contracts, documents, General transactional terms, or any other means) of a Data Subject shall be deemed full and unconditional consent.
      e. ACB relies on the personal data provided by the Data Subject to maintain legal and service relationships. Accordingly, the Data Subject shall ensure that all personal data provided to Us is complete and accurate at all times. Withdrawal of consent for Us to process personal data may: (i) affect the validity of contracts or legal relationships between ACB and the Data Subject; and/or (ii) result in limitation, suspension, or termination of our services, as applicable. We shall not be liable for any costs, damages, or losses incurred by the Data Subject and/or any related Third Party arising from such consequences. In such cases, our lawful rights remain fully reserved, and We may continue processing personal data within the scope required or permitted by law.
      f. When necessary, We may amend, update, or adjust the contents of this Policy at any time. The latest version shall be published on our official website (www.acb.com.vn). We recommend that Data Subjects regularly check our official website for updates and remain informed of how the Bank protects their personal data. Continued use of our websites, applications, or devices shall constitute continued use of our services and acceptance of the updated Personal data protection policy.
      g. The Data Subject may encounter advertisements or other content on any website, application, or device that may link to websites or services of partners, advertisers, sponsors, or other Third Parties cooperating with ACB. The Bank does not control such content or links and shall not be liable for activities conducted by such Third-Party websites or services.
      h. Pursuant to this Policy and Laws and Regulations, the Bank and its service providers may contact the Data Subject via email, SMS, or other electronic means to provide information on our products, services, and utilities. If the Data Subject wishes to unsubscribe from such notifications, they may contact Us using the details provided in this Policy.
      i. The Bank shall retain the Data Subject’s data for the duration required by the relationship with the Data Subject and/or for such other period as necessary to fulfill mutually beneficial purposes and/or as required by Laws and Regulations.
      j. The processing of personal data may involve risks of data leakage or improper handling. We exercise the highest level of diligence and apply appropriate technical measures to control and mitigate such risks.
      k. This Policy is made in both English and Vietnamese. In the event of any inconsistency between the versions, the Vietnamese version shall prevail.

      5. TYPES OF PERSONAL DATA COLLECTED AND PROCESSED BY THE BANK
      To enable us to process requests from Data subjects (including but not limited to requests for account services, card services, credit services, deposits, fund transfers, and other services) and/or to provide general information on our products and utilities, We and any data processors engaged by Us may need to process the personal data of the Data Subject (including but not limited to activities such as collection, recording, analysis, verification, storage, modification, disclosure, combination, access, retrieval, recovery, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, destruction, or other related actions).
      The types of personal data that may be collected and processed include, but are not limited to, the following categories, which may vary depending on the time and the nature of the relationship between the Data Subject and ACB:
       a. Basic personal data
          (i) Family name, middle name and given name and other names (if any);
          (ii) Date of birth, death or going missing;
          (iii) Gender;
          (iv) Place of birth, place of birth registration, permanent residence, temporary residence, current address, native place, and contact address;
          (v) Nationality;
          (vi) Personal image;
         (vii) Phone number, identity card number, personal identification number, passport number, driver’s license number, vehicle registration plate number, personal tax identification number, social insurance number, health insurance card number;
          (viii) Marital status;
          (ix) Information on family relationships (parents, children);
          (x) Information on an individual’s account numbers; personal data reflecting activities or activity history in cyberspace;
          (xi) Other information associated with a specific individual or enabling the identification of a specific individual not falling under Point (b) of this Article.
        b. Sensitive Personal Data
          (xii) Political opinions, religious beliefs;
          (xiii) Health status and private life recorded in medical records, excluding blood group information;
          (xiv) Information relating to racial origin and ethnic origin;
          (xv) Information on inherited or acquired genetic characteristics of an individual;
          (xvi) Information on physical attributes and unique biological characteristics of an individual;
          (xvii) Information on an individual’s sexual life and sexual orientation;
          (xviii) Data on criminal offenses and criminal acts collected and stored by law enforcement authorities;
         (xix) Client information of credit institutions, foreign bank branches, payment intermediary service providers, and other permitted entities, including: client identification information as prescribed by law, account information, deposit information, asset custody information, transaction information, and information on organizations or individuals acting as guarantors at credit institutions, bank branches, or payment intermediary service providers;
          (xx) Data on an individual’s location as determined through positioning or navigating services;
          (xxi) Other personal data prescribed by law as specific and requiring necessary security measures.

      6. METHODS OF COLLECTING PERSONAL DATA
      ACB and any data processors engaged by ACB may collect the personal data of the Data Subject from the following sources:
      a. From ACB’s official websites, through ACB’s digital products and Third-Party platforms, including websites, digital banking services, social media applications, money transfer applications, mobile applications, interactions or automated data collection technologies (such as cookies), promotional programs, contests, gift programs organized by ACB, through surveillance systems (e.g., cameras), or through Third Parties operating on cyberspace.
      b. Through cashless transactions conducted by the Data Subject at ACB’s POS terminals or using cards issued by ACB.
      c. Through direct interactions between the Data Subject and ACB or ACB’s representatives at branches, sub-branches, Headquarters, and other direct channels.
      d. Through receipt of personal data from other Third Parties. ACB relies on the commitment and confirmation from such Third Parties that they have obtained the Data Subject’s consent for: (i) providing personal data to ACB; and (ii) processing such data for ACB’s purposes under this Policy. If the Data Subject does not consent, please refrain from providing personal data to ACB.  
      e. From government agencies or competent authorities in Vietnam.
      f. From other sources permitted by law.

      7. PURPOSES OF PERSONAL DATA PROCESSING
      ACB may collect, process, and share the personal data of the Data Subject for business, operational, management, and administrative purposes of ACB, including but not limited to:
      a. Maintaining quality, developing, and providing financial, banking, and insurance products or services (offered by ACB or through ACB), including but not limited to:
          (i) Banking activities in accordance with Laws and Regulations;
          (ii) Insurance activities conducted through ACB;
         (iii) Research, planning, and statistical analysis for purposes of product and service development or improvement, security enhancement, service quality, advertising strategies, or other strategic initiatives of ACB.
      b. Communicating with the Data Subject, including providing updates on changes to products, services, and utilities (offered by ACB or through ACB), including any amendments, additions, expansions, suspensions, or replacements; and collecting feedback through surveys.
      c. Managing ACB’s infrastructure and business operations and ensuring compliance with internal policies and procedures as well as Laws and Regulations.
      d. Handling, investigating, reviewing, or responding to any complaints or disputes raised by or related to the Data Subject.
      e. Client identification and verification for the purpose of providing ACB’s facilities/products/services or for recruitment purposes.
      f. Conducting credit history checks or customer due diligence in accordance with Laws and Regulations.
      g. Credit ranking, credit rating, credit information assessment, and evaluation of the Data Subject’s creditworthiness.
      h. Complying with all Laws and Regulations, regulations, rules, official letters, directives, orders, guidelines, and/or requirements issued by any competent local or foreign authority, including regulatory bodies, government agencies, tax authorities, law enforcement, or other competent entities.
      i. Monitoring products and services provided by ACB or through ACB.
      j. Creating, adjusting, and maintaining credit and risk-related models.
      k. Preparing financial reports, regulatory reports, management reports, risk management (including credit risk monitoring), auditing, and record-keeping.
      l. Performing ACB’s duties and obligations when engaging with legal or financial advisors or complying with contracts between ACB and other Third Parties.
      m. Managing benefits or entitlements related to ACB’s relationship with the Data Subject or arising from the Data Subject’s participation in events, campaigns, or marketing promotions organized by ACB or in collaboration with Third Parties, including through ACB Rewards or similar programs.
      n. Performing assignments, transfers of rights and obligations under contracts/agreements between the Data Subject and/or Third Parties with ACB.
      o. Protecting or enforcing ACB’s rights, including rights related to debt recovery measures.
      p. Serving anti-money laundering, counter-terrorism financing, and prevention of proliferation of weapons of mass destruction purposes, complying with sanction regulations, or providing information to competent authorities as required by law from time to time.
      q. For any other purposes notified by ACB to the Data Subject at the time of personal data collection or prior to the commencement of related processing, or as otherwise required or permitted by Laws and Regulations.
      r. Providing minimum information related to payment order or fund transfer transactions (through current account or otherwise) or payments executed at ACB as required by payment service providers serving the beneficiary.
      s. Reporting to the National Credit Information Center of Vietnam regarding any instance where a check drawer has issued a check without sufficient funds and regarding lost checks.
      t. Providing information as required by beneficiary financial institutions or intermediary financial institutions in accordance with Laws and Regulations.
      u. Carrying out other activities related to ACB’s business, operations, management, and administration.
      v. Executing fund transfers between e-wallets or between e-wallets and VND-denominated accounts or debit cards linked to VND-denominated accounts opened at banks, foreign bank branches, or payment service providers of the transferor, as performance of the responsibility for providing minimum information of the transferor to banks, foreign bank branches, or payment service providers of the beneficiary, including: the transferor’s name, e-wallet number or account number, registered residential address or personal identification number; or transaction reference number (where no account exists).

      8. SHARING OF PERSONAL DATA
      To enhance the Data Subject’s experience with ACB, to facilitate payment services for beneficiaries in fund transfer transactions with the Data Subject’s consent in any form, or to comply with Laws and Regulations, ACB may share the personal data of the Data Subject with Third Parties, including but not limited to:
      a. Product and service providers to ACB, including but not limited to IT services, marketing services, market research, and training services.
      b. The National Credit Information Center of Vietnam.
      c. Professional consulting firms.
      d. Financial partners, credit institutions, and payment intermediaries having financial relationships with ACB.
      e. Competent state authorities as required by law.
      f. Any party deemed need-to-know by ACB for the purposes of personal data processing as specified in Section 7 (Purpose of personal data processing).
      g. Financial institutions acting as beneficiaries or intermediary financial institutions in accordance with Laws and Regulations.
      h. In the event ACB receives a request from a competent state authority to provide information, the Client hereby consents to ACB providing information and data related to the Client within the scope and manner required by such authority and in compliance with Laws and Regulations. The purpose and scope of use of Client information in such cases shall be determined by the state authority.
      The sharing of personal data of the Data Subject with Third Parties shall adhere to principles of confidentiality and be subject to security commitments, inspection, and supervision of data processing procedures. Third Parties shall only use the necessary personal data for the purposes of performing functions or tasks designated by ACB and/or as required by Laws and Regulations.

      9. CONSENT OF THE DATA SUBJECT & PRINCIPLES OF PERSONAL DATA PROCESSING
      a. The Data Subject’s consent to data processing may be expressed through written confirmation, verbal confirmation, ticking the consent box for Regulations on personal data processing, giving consent through required SMS format or technical settings, fingerprinting this Personal data protection policy, or any other action that clearly indicates consent.
      b. The Personal Data Subject’s consent shall comply with the following principles: Consent must be given for each specific purpose; Consent shall not be mandatory for purposes unrelated to the agreements; Consent remains valid until changed by the Data Subject or as otherwise provided by law; Silence or non-response shall not be deemed consent.
      c. ACB and the Data Subject shall adhere to the following principles when processing personal data:
         i. Provision and processing shall comply with Laws and Regulations.
         ii. Processing shall be limited to the scope known and agreed by the Data Subject, and only for purposes consistent with the agreement between ACB and the Data Subject.
         iii. Personal data shall not be bought or sold under any circumstances, except as permitted by law.
         iv. Personal data shall be stored for a period appropriate to the processing purpose and in compliance with Laws and Regulations.

      10. RIGHTS AND OBLIGATIONS OF THE DATA SUBJECT
      a. The Data Subject may request detailed information under this Policy or request modification of their personal data held by ACB in accordance with ACB’s regulations and guidelines. Under Laws and Regulations, ACB may charge a fee for processing such information requests, depending on the nature and complexity of the request. If modification is not possible for legitimate reasons, ACB shall notify the requesting party accordingly.
      b. In addition, the Data Subject shall have the following rights under Laws and Regulations in certain cases:
          i. To be informed of personal data processing activities;
          ii. To consent or refuse consent, and to withdraw consent for personal data processing;
          iii. To view, modify, or request modification of personal data;
          iv. To request provision, deletion, or restriction of personal data processing; to submit objections to personal data processing;
          v. To lodge complaints, denunciations, initiate lawsuits, or claim compensation for damages as provided by law;
          vi. To request ACB to implement measures to protect their personal data in accordance with Laws and Regulations.
      c. These rights shall be exercised in accordance with Laws and Regulations and the agreements between the parties.
      d. Obligations of the personal data subject include:
          i. Protecting their own personal data;
          ii. Respecting and protecting the personal data of others;
         iii. Providing complete and accurate personal data in accordance with Laws and Regulations, contractual obligations, or when consenting to personal data processing;
          iv. Complying with laws on personal data protection and participating in preventing violations of personal data.
      e. When exercising their rights and obligations, the Personal Data Subject shall comply with the following principles:
          i. Act in accordance with Laws and Regulations and contractual obligations; exercise rights and obligations for the purpose of protecting their own lawful rights and interests;
          ii. Not obstruct or hinder the lawful rights and obligations of data controllers, data processors, or data controller and processors;
          iii. Not infringe upon the lawful rights and interests of the State, organizations, or other individuals.
      f. Please contact ACB (see “Contact Information” in Section 11 below) for details on how the Data Subject may request access, modification, or exercise other rights regarding personal data processing and any applicable fees.
      g. The Data Subject shall protect their own personal data and respect the personal data of others.
      h. The Data Subject shall provide complete and accurate personal data to Us in accordance with this Personal data protection policy.

      11. CONTACT INFORMATION
      If the Data Subject has any questions regarding this Personal data protection policy, please contact us:
          • At any ACB Branch/Sub-branch; or
          • By calling: (028) 38 247 247 or 1900 54 54 86.