PERSONAL DATA PROCESSING

PERSONAL DATA PROCESSING

Dear Valued Customers,

Pursuant to Decree No. 13/2023/NĐ – CP on Personal Data Protection issued by Government, Twin – Peaks Joint Stock Company (“Twin – Peaks”, or “Company”) respectfully informs Customers regarding to Personal Data processing activities (“Notice”) and Personal Data processing principles implemented by Twin – Peaks in accordance with the Laws of Vietnam as follows:

1. Type of Personal Data

Processed Personal Data includes basic Personal Data, sensitive Personal Data and other data as provided by the Laws of Vietnam which is deemed as Personal Data.

Basic Personal Data” includes: Name; Date of birth/death or missing; Gender; Place of birth/birth registration, residential places, hometown, contact address; Nationality; Personal image; Phone number, ID card/personal identification number, passport number, driver’s license number, license plate number, personal tax code, social insurance number, health insurance card number; Marital status; Information about family relationships; Information about digital accounts; e – mail; Personal Data reflecting activities, history of activities on cyber space; account name;  password; secure login details; usage data; and other information pertaining to or identifying a specific person which is not Sensitive Personal Data in Personal Data Protection Policy of the Company.  

Sensitive Personal Data” is Personal Data pertaining to individual’s privacy that, when violated, will directly affect the individual’s legitimate rights and interests, including: Political views, religious views; Health status and personal life recorded in medical records, excluding information about blood type, Information relating to racial origin, ethnic origin; Information about inherited or obtained genetic traits of individual; Information about the individual’s ethnic origin, physical attributes, unique biological traits of individual that the Customers provide to the Company or the Company obtains during the Customers' purchase and use of Products, Goods, Services; Information about individual’s sex life; Data on crimes, criminal acts collected, stored by law-enforcement agencies; Client Information of credit organizations, branches of foreign bank, intermediary payment service providers, other authorized organizations; Data about individuals’ location determined by locator service; and other Personal Data prescribed by the Laws of Vietnam as specific and requiring necessary security measures.some text

2. Processing purposes

The Company only collects, processes and stores Personal Data of Customers, Employees  in accordance with the Laws of Vietnam, Personal Data Protection Policy of the Company, Company’s regulations, and/or Lease Agreement, contracts, agreements, documents entered into between Customers, Employees and the Company for the purposes of executing the Lease Agreement, contracts and related agreements in providing Products, Goods, Services to Customers, implementing labor relations, or for the purpose of maintenance, reparation, research, development, improving the quality of Products, Goods, Services provided to Customers from time to time (“Permitted Use”).

The Company may process Personal Data for the Permitted Use, including but not limited to the following purposes:

a) Verifying information provided by Customers; identifying and verifying Customers’ identity;

b) Evaluating and processing Customers’ request/demand(s) for any Products, Goods, Services provided or co – implemented by the Company;

c) Providing Products, Goods, Services recommended or provided or cooperatively provided by the Company to Customers;

d) Advertising, marketing, research, surveys, informing, updating information, events, contest, prize – winning competition, media activities, related introduction to Products, Goods, Services of Company, tenants of the Building, and services of partners of the Company;

e) Contacting the Customers to exchange information, furnish documents related to the Lease Agreement and the use of Products, Goods, Services at the Building;

f) Notifying Customers of information about obligations, rights and interests, updates or changes of provided services within the Building, fee rate, payment method, adjustments of Internal Regulations, Tenant Handbook, regulations at Capital Place of the Company and/or Building Management, maintenances, reparations, improvements and enhancement of utilities, quality of Products, Goods, Services at the Building;

g) Preparing other related reports in accordance with the law (if any);

h) Conducting market research, survey and data analysis related to any Products, Goods, Services provided by the Company (whether performed by the Company or other Third Party cooperating with the Company) which may be relevant to the Customers;

i) Protecting the legitimate interests of the Company and complying with related provisions of law, including but not limited to collecting fees, charges and/or recover any debt, or handling litigations, complaints, or  any agreement between the Customers and the Company;

j) Preventing or minimizing threats to the life, health of others and public interests;

k) To comply with, adhere to the Company's internal policies, procedures, and any rule, regulation, guideline, instruction, or requirement issued by the Governmental Authorities as stipulated by law;

l) To evaluate any proposal related to the rights, benefits, or obligations under the Lease Agreement(s) between the Customers and the Company;

m) Providing to service providers/partners of the Company to perform Services for the Customers and/or the Company;

n) The Company may use the Customers’ Personal Data captured on security systems for the following purposes: (i) for public safety and the safety of our employees; (ii) detecting and deterring violations that may arise at the Building or while using the Company’s Products, Goods, and Services; (iii) detecting and deterring criminal behaviors; and/or (iv) conducting incident investigations;

o) For any purpose, or other Permitted Use required or permitted by any law, regulation, guideline, and/or request of the Governmental Authorities;

p) For other purposes related to the Company's business activities that the Company deems appropriate from time to time;

q) In any other way that the Company notifies the Customers upon collection of the Customers' Personal Data or prior to the commencement of processing, or according to other requests or as permitted by the Laws of Vietnam; and

r) The Company will seek the Customers' consent before using the Customer's Personal Data for other purposes which is excluded from those stated in this Personal Data Protection Policy.

3. Methods of Personal Data Processing

Customers’ Personal Data Processing includes activity(ies) affecting Personal Data, such as collecting, recording, analyzing, validating, storing, correcting, disclosing, combining, accessing, retrieving, withdrawing, encrypting, decrypting, copying, sharing, transmitting, providing, transferring, easing, deleting Personal Data, other related actions or any other activities which is defined by law from time to time as processing Personal Data. Personal Data Processing may take place at any time, including automatic processing of Personal Data and transfer of Personal Data abroad.

Personal Data of Customers may be processed:

a) Manually;

b) Automatically (by electrical means); and/or

c) Other methods consistent with the regulations of the Laws of Vietnam.

4. Related parties

Twin-Peaks may process and provide Personal Data of Customers to partners, contractors, organizations and other agencies, including foreign units and government agencies (if any) for the Permitted Use, including but not limited to employees, member companies, affiliates, subsidiaries/parent companies, organizations, partners related to or having cooperative relationships with Twin- Peaks; others related to Twin-Peaks; individuals and organizations designated to distribute and provide services to Customers; organizations, partners, contractors/subcontractors supporting and providing services to Twin-Peaks, supporting Twin-Peaks in collecting and processing Customers’ data and information; audits, or individuals, agencies, or organizations to whom Twin-Peaks must provide information according to (i) liabilities, or (ii) provisions of law, or (iii) requests of management agencies and authorities.some text

5. Commitment to protecting Personal Data and consequences, unintended damages

The Company commits to, with all necessary and reasonable efforts, process Personal Data of Customers in a safe and secure manner and ensuring Customers' rights in compliance with the law.

Nevertheless, the Internet and electronic information networks and information technology environment are not a safe environment and the transmission and sharing of Customers’ data may have potential risks, therefore, the Company shall not guarantee that Personal Data of Customers is always confidential. The Company commits not to exchange or lease Personal Data of Customers without Customers’ consent or sell Personal Data of Customers in whatsoever method.

The Customers understand and agree that, regardless of the policies and measures implemented in accordance with the regulations of the Laws of Vietnam by the Company, the requirements of Governmental Authorities, market practices, and the provisions of Personal Data Protection Policy related to the processing and protection of Personal Data, the risk of Personal Data leakage may occur. The Customers are required to read carefully to understand and confirm their acceptance that some consequences, unintended damages may occur upon the process of the Customers' Personal Data, including but not limited to:

a) Hardware, software errors in the data processing process resulting in loss of Customers’ data;

b) Security vulnerabilities beyond the control of the Company, the system being attacked by hackers leading to data disclosure;

c) The Customers disclose Personal Data due to: negligence or fraud or accessing websites/downloading applications containing malicious software, etc.

Therefore, the Company is exempted from liability for risks and damages arising from or related to aforesaid incidents, Personal Data leakage, except in cases such incidents or damages suffered by the Customers is due to the direct intentional fault of the Company.

In the event of an incident or the detection of violations of the Customers' Personal Data, the Company will immediately notify the violations of the provisions on Personal Data protection to the Governmental Authorities according to the relevant legal regulations and make efforts to implement remedial and prevention measures.

6. Data processing time

Processing of Personal Data shall commence from the time Twin-Peaks receives Customer’s Personal Data, or Customer’ acceptance of this Personal Data Protection Policy, or at the time the Customer accesses information, registers to lease office area, retail area at Capital Place. Twin-Peaks will maintain the processing of Customers' Personal Data for the period of time in which Customers enter into contracts, agreements, and documents with Twin-Peaks. The Company may also store Personal Data of Customers for a period of time as stipulated by the law.some text

7. Contact Information

In case the Customers have any questions, concerns related to this Personal Data Protection Policy, or issues related to the rights of the Data Subject or processing of the Customer's Personal Data, please contact the Company:

a) Email: tenant.relations@capitalplace.vn; or

b) Contacting the Company’s headquarter for further support:

TWIN-PEAKS JOINT STOCK COMPANY

Address: Office Area – No.29 Lieu Giai, Ngoc Khanh Ward, Ba Dinh District, Hanoi, Vietnam.

8. Miscellaneous

For online transactions, the Data Subject expresses their consents for Personal Data Processing under this Notice by checking/ selecting or continuing to access the Website or the Company’s social networks, or by registering, exploring, or utilizing the Services of the Company.

In case Customers do not accept the terms or withdraw consent or any request or activity restricting the processing of Customers’ Personal Data, such request or activity may, as the case may be, causes the provision of products, services, features on Website, Twin-Peaks’ applications or devices to be interrupted, limited, restricted, suspended, canceled, prevented, or prohibited. The Company shall not be liable to the Customer for any loss arising in connection with such limitation, restriction, suspension, cancellation, prevention, or prohibition.

This Notice is an integral part of the Personal Data Protection Policy.

The Customers are encouraged to check, update the information, and notice on a regular basis to be informed any changes made by the Company on the Personal Data Protection Policy in accordance with the law.

Your faithfully!