Legal Notices


Article 1. Interpretations

1.1. “Capital Place” or “Building” refers to the Office building located at No. 29 Lieu Giai Street, Ngoc Khanh Ward, Ba Dinh District, Hanoi, Vietnam.

1.2. “Company” or “Twin-Peaks” refers to Twin-Peaks Joint Stock Company, including but not limited to its branches, affiliates, dependent units, representative office, business locations, transactions offices, staffs, employees, Building Management, contractor, agents, partners and other relevant persons of the Company.

1.3. “Customer(s)” refers to the Data Subject, organization, legal entities regardless of commercial or non-commercial legal entities, affiliates, dependent units of legal entities and other legally established entities having transaction with the Company or using Products, Goods and Services of the Company; or providing Personal Data to the Company to use the Company’s services; or providing goods and/or services to the Company; or individuals to access, verify, and register to use the Products, Goods and Services of the Company and related persons of these Data Subjects according to the provisions of Laws of Vietnam.

1.4. “Data Subject” refers to an individual to whom the data relates.

1.5. “Employee(s)” refers to the Data Subjects having labor relationship, who works for the Company under agreement, are entitled to salary and subject to management, administration and supervision of the Company and authorized person of the Company according to regulations of the relevant laws which is, including but not limited to those Data Subjects themselves, and their dependents. Within the scope of this Policy, Employees, in each case, may include candidates, apprentices, probationers, collaborators, and those who works for the Company independently and their dependents.

1.6. “Force Majeure Event” refers to all events beyond the control of the Parties, and unforeseeable, or foreseeable but unavoidable, which prevent the performance of all or part of the affected Party’s portion of the Lease, including but not limited to natural disasters, hostile acts, fires, floods, accidents, wars, terrorism, riots, military government intervention, internet problems, inability to use transport, changes in legislation, Government decisions that impede the use of the Building and any similar or other situations; For clarity, the Customer’s financial shortfall or falling into financial crisis will not be considered a Force Majeure Event.

1.7. “General Personal Data” including: 

a) Last name, middle name and first name, other names (if any);

b) Date of birth; date of death or going missing;

c) Gender;

d) Place of birth, registered place of birth; place of permanent residence; place of temporary residence; current place of residence; hometown; contact address;

e) Nationality;

f) Personal image;

g) Phone number; ID Card number, personal identification number, passport number, driver’s license number, license plate, personal tax code, social insurance number and health insurance card number;

h) Marital status;

i) Information about the individual’s family relationship (parents, children);

j) Information about individual’s digital accounts; E-mail address;

k) Personal Data that reflects activities and activity history in cyberspace, including but not limited to: data related to electronic information pages/websites/social networks or mobile applications; technical data (including type of device, operating system, type of browser, browser settings, IP address, language settings, date and time of connection to the electronic information page, statistics of mobile application usage, mobile application installation, date and time of connection to the mobile application, other technical communication); account name; password; secure login details; usage data; cookie data; browsing history; clickstream data; channel viewing history; and

l) Other information pertaining to a specific person or used to identify a specific person that is not considered Sensitive Personal Data as defined in this Personal Data Protection Policy.

1.8. “Governmental Authority(ies)” means any or all of the following: the National Assembly of Vietnam, the Standing Committee of the National Assembly of Vietnam, the President of the State of Vietnam, the Government of Vietnam, the Prime Minister, the Government Office, any Ministries, any people’s committees or any of their agencies, department, or governmental bodies, and any and all other committees, ministers, councils, agencies, bodies or officers in Vietnam;

1.9. “Laws of Vietnam” means any or all applicable laws, decrees, decisions, circulars, regulations and other documents having the effect of law issued by a Governmental Authority.

1.10. “Lease Agreement” refers to the office lease agreement, retail lease agreement, and in each case will include but not be limited to addendums, amendments, memorandums of understanding, agreements, commitments and warranties, content of exchanges, notices, and content of agreements between the Company and the Customer in any form in carrying out the Company’s business activities within the permitted scopes by laws. 

1.11. “Personal Data” refers to electronic information in the form of symbols, letters, numbers, images, sounds, or equivalences associated with an individual or used to identify an individual. The Personal Data includes general Personal Data and sensitive Personal Data.

1.12. “Personal Data Processing” refers to one or multiple activities affecting Personal Data, including collection, recording, analysis, confirmation, storage, rectification, disclosure, combination, access, traceability, retrieval, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, destruction, or other relevant activities.

1.13. “Personal Data Controller”, or “Data Controller” refers to an organization or individual that decides purposes and means of processing Personal Data.

1.14. “Personal Data Processor”, or “Data Processor” refers to an organization or individual that processes data on behalf of the Personal Data Controller via a contract or agreement with the Personal Data Controller.

1.15. “Personal Data Controller-cum-Processor”, or “Data Controller-cum-Processor” refers to an organization or individual that jointly decides purposes and means, and directly processes Personal Data.

1.16. “Products, Goods, and Services”, or “Services” refers to real estate business services including but not limited to office leasing, retail areas, related utilities and any Products, Goods, or Services provided by the Company and/or appointed, authorized, or permitted by the Company in any form, in cooperation with partners that the Customer seeks, approaches, rents, buys, registers to use, uses at Capital Place.

1.17. “Personal Data Protection Policy”, or “Policy” refers to this Policy, along with the Company’s instructions, amendments, and supplements from time to time regarding to the Personal Data Processing in compliance to relevant regulations of Laws of Vietnam. 

1.18. “Permitted Use” refers to the purposes for which Personal Data are processed as set out in Article 4.3 hereof.

1.19. “Sensitive Personal Data” refers to Personal Data in association with individual privacy which, when being infringed, will directly affect an individual’s legitimate rights and interests, including:

a) Political and religious opinions;

b) Health condition and personal information stated in health record, excluding information on blood group;

c) Information about racial or ethnic origin;

d) Information about genetic data related to an individual’s inherited or acquired genetic characteristics;

e) Information about an individual’s physical traits, biometric or biological characteristics that the Customer provides to the Company, or the Company obtains during the process of the Customer purchasing and using Products, Goods, and Services;

f) Information about an individual’s sex life or sexual orientation;

g) Data on crimes and criminal acts collected and stored by law enforcement agencies;

h) Information on customers of credit institutions, foreign bank branches, intermediary  payment service providers and other licensed institutions, including: customer identification as prescribed by law, accounts, deposits, deposited assets, transactions, organizations and individuals that are guarantors at credit institutions, bank branches, and intermediary  payment service providers;

i) Personal location identified via location services; and

j) Other specific Personal Data prescribed by law which requires special protection.

1.20. “Third Party” refers to an organization or individual other than the Company and Customers, Personal Data Controller, Personal Data Processor, and Personal Data Controller-cum-Processor that is permitted to process Personal Data. The Company, Customers, and Third Parties as the case may be mentioned below are collectively referred to as “Parties” and individually as a “Party”.

Article 2. General Conditions

2.1. This Personal Data Protection Policy is applicable to all Customers and Employees of the Company, and is an integral part of the contracts/agreements (including but not limited to Lease Agreement and its amendments, supplements, labor contracts, probation/apprenticeship contracts, memorandums of understanding, agreements, commitments, correspondences, Policies) in any form according to introduction, research, provision, use, maintenance and activities related to Products, Goods and Services between the Customer and the Company, including but not limited to cooperation, introduction, research , experience, registration to use, use in any form.

2.2. By this Policy, the Company notifies the Customers of the Customers’ Personal Data Processing prior to implementation of processing Personal Data. This Policy notifies the processing of Personal Data of the Company, the rights of Data Subject, explains the method of the Company to collect, use, disclose and/or process Personal Data of the Customers and the reason for collecting Personal Data. This Policy and its amendments from time to time shall be notified to the Customers in any form, including but not limited to publishing the updated Policy on the Company’s electronic information pages, electronic environment, social media (“Website”).

2.3. The collection, storage, use of Personal Data of the Customers shall be carried out only being approved by the Customers or not being prohibited by the Laws of Vietnam.

2.4. Upon the Customers accessing to the Website, or marketing products on social medias of the Company or being connected to the Company, and/or by allowing the Company to process Personal Data of the Customers in whatsoever method, and/or the Customers contacting, providing information to establish relations, research, cooperate, use the Services, lease office or retail premises at Capital Place, providing, using, maintaining, checking and assessing the Products, Goods and Services provided by the Company in whatsoever method or means, directly or indirectly, explicitly or implicitly, the Company understands that the Customers have been notified and have clearly understood, consented and accepted to this Personal Data Protection Policy. At the same time, the Customers are deemed to consent to all of this Personal Data Protection Policy to grant the Company legal rights of collecting and processing its Personal Data in whatsoever method in accordance with the Laws of Vietnam for the purpose specified in this Policy which is consistent with the applicable laws as defined in Article 4.3 below. The Customers consent and undertake to apply, coordinate, and comply with the Personal Data Protection Policy of the Company.

2.5. The Company, as the case may be, as (i) Personal Data Controller, (ii) Personal Data Processor, or (iii) Data Controller-cum-Processor, shall exercise its rights, responsibilities, and principles of processing Personal Data with respective to the provisions of the Laws of Vietnam.

2.6. This Personal Data Protection Policy is an integral part of the Lease Agreement, contracts, agreements, transactions which have been, are being and will be entered into between the Company and Customers (or Employees, as the case may be). Except otherwise provided by the Company, this Policy shall prevail in case of any conflict or contradiction with related agreements, regulations, policies in the relationship between the Customers (or Employees, as the case may be) and the Company, whether being signed before, on or after the date in which the Customers (or Employees, as the case maybe) consent to this Personal Data Protection Policy.

2.7. To the extent required and permitted by laws, the Employees of the Company is also regulated by this Policy. In that case, the mention of the Company’s Customers in Personal Data Protection Policy as the case may be, is also deemed to refer to the Employees of the Company if relevant. 

2.8. This Policy is applicable in accordance with the Laws of Vietnam. The capitalized terms, which are not otherwise defined in this Policy, shall have the same meaning given to such terms in the standard Lease Agreement, contracts, and documents of the Company.

Article 3. Rights and obligations, representation, and warranty of the Data Subject

3.1. The Customers have the following rights: (i) Right to know; (ii) Right to consent; (iii) Right to access; (iv) Right to withdraw consent; (v) Right to delete data; (vi) Right to restrict data processing; (vii) Right to provide data; (viii) Right to object data processing; (ix) Right to claim, report, sue; (x) Right to claim compensation for damages; (xi) Right to self – defense and other related rights in accordance with the Laws of Vietnam.

The Customers’ rights can be exercised by directly contacting the Company according to the contact information provided in this Policy, or any method permitted by the Laws of Vietnam on Personal Data Protection.

Notwithstanding the abovementioned provisions, the Customers understand, and hereby consent and undertake that they will not exercise any of the abovementioned rights if the exercise of such rights causes damages or affects or results to causing damages/affecting activities and/or interests of the Company.

3.2. To self-protect their Personal Data, request other relevant organizations and individuals to protect their Personal Data at the same time with respecting and protecting others’ Personal Data. 

3.3. To provide the full and accurate Personal Data to the Company upon entering into Lease Agreement or using Products, Goods and Services provided by the Company.

3.4. To implement and comply with this Policy and regulations, guidance of the Company related to Personal Data Processing of the Customers, and the provisions of the Laws of Vietnam on Personal Data Protection. To participate in preventing violations of provisions of Personal Data Protection.

3.5. To preserve electronic devices when using, ensure that mobile devices and personal computers are always locked, logged out, or log out of accounts on mobile applications and Website of the Company or the Company’s partner if there is no need to access and use of information.

3.6. To take sole responsibility for the information, data, and approval granted themselves by the Customers on the electronic environment or within the Building; to take responsibility in case Personal Data is leaked, violated by their fault.

3.7. In case of changes, adjustments of Personal Data, the Customers is obliged to immediately contact and notify the Company for timely updating such changes, adjustments. The Customers shall be liable for the delay, failure to notify or failure to notify fully, accurately such changes of information; at the same time, the Company shall be exempted from all damages, risks of the Customers and related parties (if any) arising out of or relating to such delay and failures.

3.8. Other rights and obligations in accordance with the laws.

3.9. The Customers undertake and warrant that at the time of approval to this Policy (confirm or approve in whatsoever method pursuant to relevant regulations of laws), they fully understand (i) the types of Personal Data to be processed; (ii) the purposes of the Personal Data processing; (iii) the organizations and individuals entitled to process Personal Data; (iv) the rights and obligations of Data Subject. 

3.10. With respect to any Personal Data provided to the Company hereto, the Customers represent and warrant that they have, in accordance with relevant regulations of laws on Personal Data protection, obtained the consent of the relevant Data Subject to furnish the Company such Personal Data and consent the Company to process such Personal Data for the Permitted Use herein stated. The Customers shall not claim or sue against the Company for anything implemented pursuant to the content agreed hereto. 

3.11. The Customers understand and agree that: (i) the Company shall fulfill the Customers’ request within a reasonable period of time according to the Laws of Vietnam if such request is legitimate, full and valid, and the Customers shall pay any incurred payment for handling (if any); (ii) the approval for the Company to process Personal Data of the Customers will affect directly the scope, quality, provisions of Products, Goods and Services of the Company to the Customers; and (iii) subject to the Company’s right to refer to any exemption and/or exception in accordance with the Laws of Vietnam.

3.12. The Customers understand and agree that the provisions of Personal Data of the Customers to the Company (including but not limited to the information the Company has before, during and after the Customers’ acceptance to this Policy) is the Customers’ absolute consent allowing the Company to access, process Personal Data throughout the process of carrying out the Permitted Use, starting from the Company’s receipt of information to the Customers’ request of termination of processing data and/or termination in accordance with the Laws of Vietnam, and if necessary, including transferring Personal Data abroad for Permitted Use. The Personal Data Protection Policy, once accepted by the Customers in whatsoever method, shall constitute an agreement between the Customers and the Company regarding Personal Data in the process of establishing, maintaining, and developing relationships and transactions between the Customers and the Company.

3.13. The Customers understand and agree that in case the Customers refuse to provide Personal Data (including but not limited to refusal, no response, no confirmation), withdraw their consent, request to erase data, and/or exercise other related rights for any or all of their Personal Data, the Company may consider and decide to temporarily suspend or stop providing Products, Goods, Services of the Company to the Customers due to unable to ensure standard/quality of Products, Goods and Services as assessed by the Company or stipulated by the Laws of Vietnam or Governmental Authorities to collect or process Personal Data of Customers upon providing such Products, Goods and Services. In the even the Company decides not to provide or temporarily suspend providing Products, Goods, and Services to the Customers, the acts conducted by the Customers under this regulation shall be deemed to be the Customers’ unilateral termination of Lease Agreement, related agreements, transactions for any relationship between the Customers and the Company, and may entirely result in a breach of obligations or commitments of the Customers under the Lease Agreement, other agreements between the Customers and the Company; in that case, the Company is entitled to reserve its legal rights and remedies arising from or out of the Lease Agreement and related agreements, transactions due to the Customers’ fault. The Company shall not be liable to the Customers for any loss (if any), and the legitimate rights of the Company shall be reserved clearly for limiting, restricting, suspending, cancelling, preventing, or prohibiting the provisions and maintenance of such Products, Goods, and Services. The Customers should be aware in the event the laws or Governmental Authorities stipulate that the Company must store Customers’ information in certain cases, in such case the Company shall not implement the Customers’ request for removal of information if such removal results in violating the Laws of Vietnam.

Article 4. Personal Data Processing, rights, and obligations of the Company 

4.1. Personal Data subject to processing 

To carry out and maintain the operation of the Building, and/or to perform and maintain activities for the Permitted Use, the Company, at its sole discretion, in compliance with the relevant regulations of the Laws of Vietnam and this Policy, collects and processes the following data:

a) General Personal Data of Customers or related parties in accordance with Clause 7, Article 1 hereof; and

b) Sensitive Personal Data of Customers or related parties in accordance with Clause 19, Article 1 hereof with respect to the Customers and related persons of the Customers.

4.2. Sources of Personal Data 

The Company may directly or indirectly collect the Personal Data of the Customers upon Customers’ request or during the Company’s provisions of any Products, Goods and Services to the Customers, and from either of the following sources, including but not limited to:

a) Directly from the Customers: The Company collects data during contact, work, providing Services, and the data provided by the Customers during face - to - face meetings. 

b) From Website, advertisements, marketing activities and products, and social media of the Company: The Company may collect Personal Data when the Customers access any Website, marketing activity or product, social media of the Company or use any feature, resource available on or via these Websites and data sources.

c) From mobile applications, information sheets, Customers survey forms: The Company may collect Personal Data when Customers download or use mobile applications of the Company or its vendors or partners, or the Customers access, accept and fill in information sheets, Customers survey forms with their or third party’s information notwithstanding the forms of supply.

d) From exchanges, communications with the Customers: The Company may collect the Personal Data when the Customers communicate with the Company, such as through email, phone calls, electronic communication, or any other means (including but not limited to negotiations, surveys, investigations conducted or obtained by the Company).

e) From interactions or automatic data collection technologies: The Company may collect the Personal Data of the Customers and related parties automatically recorded from the Customer’s connection to the Company via electronic environment, the social media connection procedures of other parties, or any technology capable of tracking and receiving Personal Data on those electronic pages (Facebook, YouTube, LinkedIn, etc.).

f) From Governmental Authorities: The Company may receive the Personal Data of the Customers from Governmental Authorities, such as the Fire Fighting and Prevention Police Department, Business Registration Office, Tax, securities, insurance bodies, or other competent authorities in Vietnam.

g) Public sources: The Company may receive the Customers’ Personal Data from published sources such as phone directories, advertisements/flyers, public information on the internet, the Customer’s website or electronic pages referring to the Customer, etc.

h) From suppliers, service providers, partners, affiliates, and other parties related to the Company’s business operations;

i) From events, competitions, or promotional, CSR programs organized, implemented, sponsored, or co-implemented by the Company;

j) From recording devices attached to the Company’s devices, Building, or placed at network locations, equipment locations where the Customers interact with the Company. To clarify, the Customers understand and agree that at any time and/or any location inside or outside the Building, the Company may be recording audio, video when the Customers moving, communicating, interacting with the Company, or other permitted occupiers inside or outside the Building  for the purpose of verification and identification of the Customers and permitted occupiers; and/or for the purpose of security, safety for the Customers’ and the Company’s transactions and assets within the Building boundaries;

k) From other sources that the Customers agree to share/provide Personal Data, or sources required or permitted by the Laws of Vietnam.

4.3. Purposes of Personal Data Processing 

The Company only collects, processes, and stores the Personal Data of the Customers and Employees in accordance with the regulations of the Laws of Vietnam, this Policy, the Company’s regulations, and/or Lease Agreement, contracts, agreements, documents entered into by and between the Customers, Employees, and the Company for the purpose of recording information of Customer entering/exiting the Building, execution of Lease Agreements, contracts, and related agreements in providing Products, Goods, and Services to the Customers, execution of labor relations, or for maintenance, reparation, research, development, and improvement of the quality of Products, Goods, and Services provided to the Customer from time to time.

The Company may process Personal Data for the Permitted Use, including but not limited to the following purposes:

a) Verification of accuracy, sufficiency of the information provided by the Customers; identification or authentication of the Customers’ identities and implementation of the Customers’ identification procedure; 

b) Evaluating and processing Customers’ proposal(s)/request(s) for any Products, Goods, or Services provided or co-implemented by the Company. Appraising legal profiles, compliance requirements of the Customers regarding any Products, Goods, or Services requested by the Customer, proposed, or provided by the Company;

c) Providing Products, Goods, or Services proposed or provided by the Company to the Customers (including but not limited to Products, Goods, or Services that a Third Party collaborates with the Company to provide to the Customer under agreements or as stipulated by law);

d) Advertising, marketing, providing information to the Customers about Products, Goods and Services, promotional programs, social responsibilities, research, surveys, news, updates, events, prize-winning competitions, awards, related communication activities, introductions about the Company’s Products, Goods, and Services, tenants in the Building, and services of other partners collaborating with the Company;

e) Contacting with the Customers to exchange information, provide documents or other relevant documents related to Lease Agreements, labor relationship, and the use of Products, Goods, or Services at the Building;

f) Notifying the Customer of information about obligations, rights, updates, or changes to services provided in the Building, fees, payment methods, adjustments to Internal Regulations, Tenant Handbooks, regulations at Capital Place of the Company and/or Building Management, maintenance, reparations, improvements, and enhancements to the utilities, quality of Services at the Building;

g) Preparing other related reports as stipulated by law (if necessary);

h) Conducting market research, surveys and analyzing data related to any Product, Good, or Service provided by the Company (whether conducted by the Company or another Third Party collaborating with the Company) that may be related to the Customers;

i) Protecting the legitimate interests of the Company and complying with relevant legal regulations, including but not limited to collecting fees, charges, and/or recovering any debts or handling litigations, complaints, or any agreements between the Customers and the Company;

j) Preventing or minimizing threats to the lives, health of human, and public interests;

k) To comply with, adhere to the Company’s internal policies, procedures, rule and regulation, guideline, instruction, or requirement issued by the Governmental Authorities as stipulated by law;

l) To evaluate any proposal related to the rights, benefits, or obligations under the Lease Agreement(s) between the Customers and the Company;

m) Providing to service providers/partners of the Company to perform Services for the Customers and/or the Company;

n) The Company may use the Customers’ Personal Data captured on security systems for the following purposes: (i) for public safety and the safety of our employees; (ii) detecting and deterring violations that may arise at the Building or while using the Company’s Products, Goods, and Services; (iii) detecting and deterring criminal behaviors; and/or (iv) conducting incident investigations;

o) For any purpose, or other Permitted Use required or permitted by any laws, regulations, guidelines, and/or requests of the Governmental Authorities;

p) For other purposes related to the Company’s business activities that the Company deems appropriate from time to time;

q) In any other form that the Company notifies the Customers upon collection of the Customers’ Personal Data or prior to the commencement of processing, or according to other requests or as permitted by the Laws of Vietnam; and

r) The Company will seek the Customers’ consent before using the Customer’s Personal Data for other purposes which is excluded from those stated herein.

4.4. Methods of Personal Data Processing 

Personal Data of Customers may be processed:

a) Manually;

b) Automatically (by electrical means); and/or

c) Other methods pursuant to the Laws of Vietnam.

4.5. Accuracy of data

The Company focuses on ensuring that the legally collected Personal Data is always accurate and constantly updated, which is necessary to achieve the purposes of data collection. Therefore, the Customers need to notify the Company as soon as possible of any changes to the Customers’ Personal Data.

4.6. Methods of protection 

The Company is responsible for applying necessary measures within its capacity to protect the Customers’ Personal Data and comply with the relevant regulations of the Laws of Vietnam.

The Company will protect the Customers’ Personal Data with appropriate methods or protection in accordance with the importance of the data, preventing unauthorized access, disclosure, modification, or use. The Company limits access to Personal Data to employees on a need-to-know basis.

However, please be noted that transmission of information via electronic environment is not entirely secure. Notwithstanding the Company’s effort to protect Customers’ Personal Data, the Company shall not guarantee the absolute privacy of the Customer’s Personal Data upon such transmission, and therefore the Company is not responsible for the risk of data transmission.

4.7. Security Commitment

The Company undertakes to manage Personal Data under prudent control. The Company has personnel responsible for supervising the compliance with this Personal Data Protection Policy and other security policies of the Company.

4.8. Children’s Personal Data Processing

The Company always respects and protects the Personal Data of children. In addition to the Personal Data protection measures prescribed by law, prior to the process of Personal Data related to children, the Company shall verify the age of the child and request consent from (i) the child and/or (ii) the parents or legal guardians of the child as required by law.

In addition to the compliance with other relevant laws, with respect to the processing related to the Personal Data of missing persons/deceased persons, the Company must obtain the consent of one of the relevant persons as prescribed by the Laws of Vietnam.

4.9. Sharing Personal Data and information of relevant organizations, individuals 

To implement Permitted Use and activities of processing Personal Data in accordance with this Policy, the Company may share or disclose the Customers’ Personal Data, or Personal Data of related parties of the Customers, or provided by the Customers, to Data Controllers, and/or Data Processors, and/or Personal Data Controller-cum-Processor in the following cases:

a) Employees of the Company;

b) Affiliates, dependent units, related persons of the Company;

c) Companies and/or organizations being suppliers, partners, agents, and/or consultants, professional advisers of the Company, including but not limited to companies providing elevator services, asset management, security, administration, postal services, brokerage, real estate consulting, marketing, sales, customer care, human resources, data processing, information technology, computers, payments, debt collection, market research, document storage and management, legal services, social media, telecommunications, network connections, telephones, infrastructure and technology support, workforce management, risk reporting, credit decisions, information security, data centers, conferencing, advisory services, and/or other services in connection with, or to support, the Company’s business operation;

d) The transferee as a result of restructuring, novating the suppliers of the Services provided to the Customers, or the mergers and acquisitions of the Company;

e) Sharing with Governmental Authorities in Vietnam or any regulatory body or organization/individual that the Company is allowed or required to disclose according to the provisions of the law/relevant regulations;

f) Sharing with organizations, individuals related to the development, maintenance, provision of Products, Goods and Services, or improvement of the quality of Products, Goods and Services for the Customers;

g) Sharing with organizations, individuals related to the enforcement or maintenance of any rights or obligations under the agreement(s) between the Customers and the Company;

h) Sharing with Third Parties agreed/designated by the Customers, providing on the basis of security agreement, or the Company has a legal basis to share the Customers’ Personal Data.

i) Sharing/disclosing information in other necessary cases, including: With the consent/designation of the Customers; At the request or in accordance with the regulations of the Governmental Authorities or the law; The Company transferring its rights and obligations under the agreement(s) between the Customers and the Company or under the provisions of the law; Sharing is necessary for the purpose of providing Products, Goods and Services, or improving the quality of Products, Goods and Services for the Customers.

The Company considers the Customers’ Personal Data private and confidential. Except for the aforesaid cases, the Company shall not share/disclose the Customers’ Personal Data to any other party without the Customers’ consents.

4.10. Transfer of Personal Data abroad 

To comply with the Laws of Vietnam or agreement(s) under Lease Agreement, or for Permitted Use, if necessary, Twin-Peaks may have to provide/share the Customers’ Personal Data to/with Third Parties (domestic or foreign) to fulfill and maintain Services provided to the Customers in the Building. In case of providing/sharing Personal Data abroad, Twin-Peaks shall request the receiving party to ensure that the Customers’ Personal Data is protected to an appropriate extent to maintain the security of this data. The transfer of Personal Data abroad shall be implemented in accordance with the Laws of Vietnam.

4.11. Consequences, unexpected losses

To the extent required by the laws, the Company undertakes to comply with regulations on information security and use necessary information security technologies to protect the Customers’ Personal Data from unintended disclosure, exploitation, use, or sharing. 

The Customers is recommended to secure their own information related to the Lease Agreements, labor contracts, mobile applications, login passwords, information, OTP codes and passwords for accessing or using the Customer’s Products, Goods and Services, and not to share such login passwords, OTP codes with anyone else.

The Customers hereby understand and agree that, notwithstanding the policies and measures implemented in accordance with the Laws of Vietnam by the Company, the requirements of Governmental Authorities, market practices, and the provisions of this Policy related to the processing and protection of Personal Data, the risk of Personal Data leakage may occur. The Customers are required to read carefully to understand and confirm their acceptance that some consequences, unexpected damages may occur upon the process of the Customers’ Personal Data, including but not limited to:

a) Hardware, software errors in the data processing process resulting in loss of Customers’ data;

b) Security vulnerabilities beyond the control of the Company, the system being attacked by hackers leading to data disclosure;

c) The Customers disclose Personal Data due to: negligence or fraud or accessing websites/downloading applications containing malwares, etc.

Therefore, the Company is exempted from liability for risks and damages arising from or related to aforesaid incidents, Personal Data leakage, except in cases such incidents or damages suffered by the Customers directly resulted from intentional fault of the Company.

In the event of an incident or the detection of violations of the Customers’ Personal Data, the Company will immediately notify the violations of the provisions on Personal Data protection to the Governmental Authorities according to the relevant legal regulations and make efforts to implement remedial and prevention measures.

4.12. Rights and Obligations of the Company

a) The Company has the right to process the Customers’ Personal Data once the Customers have agreed to this Policy or otherwise prescribed by relevant regulations of laws.

b) The Company has the right to request full and accurate Personal Data of the Customers, according to this Policy.

c) The Company has the right to refuse the written request of the Customers to withdraw consent, access, erase, restrict processing, providing Personal Data, and object to the processing of the Customers’ data, in accordance with regulations of the law.

d) The Company is exempt from the obligations and responsibilities in case the Customers provide the Personal Data of another individual to the Company and/or the related parties of the Company without being bound by the responsibility to obtain consent from relevant Data Subject.

e) In case the Customer has a written request for consent withdrawal and/or requests the Company to erase the data or restrict processing of the Customer’s Personal Data, the Company has the right to limit or stop providing Services to the Customer because the Company does not have sufficient data or information to provide and ensure quality of Services to the Customer. In such case, the Company is not responsible for any losses suffered by the Customers.

f) To fulfill the Permitted Use hereof, the Company shall be entitled to provide/share Customers’ Personal Data to the Third Parties no matter inside or outside of Vietnam territory where such receivers are located; or other objects defined in this Policy.

g) To carry out protective measures for the Customers’ Personal Data under the Company’s storage as prescribed by the law.

h) Other rights and obligations as prescribed herein and by the law.

Article 5. Storage of Personal Data 

5.1. The Customers’ Personal Data is stored, managed, and secured by the Company in accordance with the Company’s regulations. The Company will take reasonable measures to protect the Customers’ Personal Data in compliance with this Policy and provisions of law during storage.

5.2. The commencement of Personal Data processing: From the time Twin-Peaks receives Customer’s Personal Data, or Customer’ acceptance of this Policy, or at the time the Customer accesses information, accesses Company’s Website, interacts with any of the Company’s marketing products, registers to lease office area, retail area at Capital Place.

5.3. The termination of Personal Data processing: The data processing process ends when the Company no longer stores any Personal Data of the Customers, in accordance with the agreement with the Customers, the Company’s regulations, or other times as prescribed by the relevant Laws of Vietnam.

5.4. The Customers hereby acknowledge and agree that the Company is approved and legally empowered to store the Customers’ Personal Data for the period necessary to fulfill the Permitted Use under any agreement, contract, document signed or confirmed by the Customers and the Company in whatsoever method in accordance with the law and pursuant to this Policy, unless the storage period of Personal Data is longer if required, or as stipulated by the Company, or permitted by the Customer, or the applicable laws. If the Personal Data of the Customer no longer needs to be stored during this period, the Company may delete, erase, or anonymize that Personal Data within a reasonable time at the Company’s sole discretion.

Article 6. Amendments, supplements

6.1. The Customers unconditionally agree that the Company has the full right to change, modify, or suspend entirely or partially of this Policy, or the Services from time to time and ensures that such amendments, supplements are in accordance with the provisions of relevant laws. Any amendments, supplements, updates, or adjustments will be updated, posted on the Company’s website: and/or notified to the Customers via other means that the Company deems appropriate. The Customers are encouraged to carefully read these contents and check on the Company’s Website for updates on a regular basis related to the matters mentioned in this Personal Data Protection Policy.

6.2. To the extent permitted by the applicable laws, the Customers’ access Websites or electronic information pages, research, contact, and continued use of the Company’s Products, Goods and Services imply the Customers’ acceptance to the accordingly updated contents of this Personal Data Protection Policy.

Article 7. Contact Information 

In case the Customers have any questions, concerns related to this Personal Data Protection Policy, or issues related to the rights of the Data Subject or processing of the Customer’s Personal Data, please contact the Company:

a) Email:; or 

b) Contacting the Company’s headquarter for further support:


Address: Office Area- No.29 Lieu Giai Street, Ngoc Khanh Ward, Ba Dinh District, Hanoi City, Vietnam.

Article 8. Effectiveness

This Personal Data Protection Policy applies to the Customers from the Customers’ acceptance/agreement in whatsoever method. Matters which are not stipulated in this Policy shall be regulated in accordance with the relevant provisions of the Laws of Vietnam.

In the event of disputes, such disputes shall be settled at the Vietnam International Arbitration Center (“VIAC”) in accordance with its Rules of Arbitration. The number of arbitrators shall be one (01), the place of arbitration shall be in in Hanoi, Vietnam, and the language of arbitration shall be English.

This Policy is made bilingual in English and Vietnamese. In case of any discrepancy between the English and Vietnamese contents, the English contents shall prevail. 

For and on behalf of Twin-Peaks JSC

General Director