1. INTRODUCTION
Luklak Joint Stock Company (“Luklak”, “we”, “us”, “our”) is committed to protecting the privacy and personal data of users (“User”, “you”, “your”). This Privacy Policy (“Policy”) explains how we collect, use, store, and protect your personal information when you use the Luklak platform.
Company Information:
- Legal Name: Luklak Joint Stock Company
- Vietnamese Name: Công ty Cổ phần Luklak
- Tax Code: 0109908914
- Contact Email: [email protected]
- Governing Law: Decree 13/2023/ND-CP on Personal Data Protection and related legal documents of the Socialist Republic of Vietnam
This Policy applies to all users of the Luklak platform, including individual and enterprise users.
2. SCOPE OF DATA COLLECTION
2.1. Personal Data: Information related to an identified or identifiable individual, including but not limited to: name, email, phone number, address, company information.
2.2. Business Data: Information and content that Users create, store, or process through the Platform in the course of using the Services (workflows, customer data, internal documents, etc.).
2.3. We clearly distinguish between:
- Account Data: Information necessary to provide and manage Services (controlled by Luklak)
- Content Data: Data that Users create and control within the Platform
3. TYPES OF PERSONAL DATA COLLECTED
We collect the following types of personal data:
3.1. Account Registration Information:
- Full name
- Email address
- Phone number
- Company/organization name
- Job position
- Password (encrypted)
3.2. Payment Information:
- Company name and address for invoicing
- Tax identification number
- Payment transaction information (we do not store full payment card information)
3.3. Service Usage Information:
- IP address
- Device type and browser
- Access time and Platform activity
- Features used
- System and error logs
3.4. Communication Information:
- Content of exchanges with customer support
- User feedback and reviews
3.5. Content Data (controlled by User):
- All information that Users enter, upload, or create while using the Platform
- Luklak only processes this data according to User instructions to provide Services
4. PURPOSE OF DATA PROCESSING
We collect and process personal data for the following purposes:
4.1. Providing and Operating Services:
- Creating and managing Accounts
- Providing Platform features
- Processing payment transactions
- Storing and backing up data
4.2. Customer Support:
- Responding to support requests
- Resolving complaints and technical issues
- Providing usage guidance
4.3. Service Improvement:
- Analyzing usage to improve features
- Research and development of new products
- Evaluating system performance
4.4. Security and Fraud Prevention:
- Detecting and preventing illegal activities
- Protecting system and data security
- Complying with legal obligations
4.5. Communication:
- Sending Service notifications (updates, maintenance)
- Sending invoices and payment information
- Notifying changes to Terms of Service and Privacy Policy
4.6. Legal Compliance:
- Responding to requests from competent state authorities
- Fulfilling legal obligations
5. LEGAL BASIS FOR DATA PROCESSING
We process your personal data based on the following legal grounds:
5.1. Consent: You have consented when registering and using the Services.
5.2. Contract Performance: Necessary to perform the Terms of Service between you and Luklak.
5.3. Legal Obligation: Necessary to comply with Luklak’s legal obligations (e.g., invoice retention, tax reporting).
5.4. Legitimate Interest: Necessary for Luklak’s legitimate interests (Service improvement, security, fraud prevention) provided it does not infringe on your privacy rights.
6. DATA STORAGE AND RETENTION
6.1. Retention Period:
- Account Data: Retained throughout the Account’s active period and for the time necessary to fulfill legal obligations (typically 5 years after termination per invoice and contract retention regulations)
- Content Data: Retained as requested by Users and deleted within 90 days after Service termination (unless otherwise required by law)
- System Logs: Retained for 12 months for security and troubleshooting purposes
6.2. Storage Location:
- Data is stored on servers located in Vietnam and/or reputable cloud service providers with appropriate security measures
- Specific storage location information can be provided upon request
6.3. Backup: We perform periodic data backups to ensure integrity and recoverability.
7. DATA SHARING AND DISCLOSURE
7.1. General Principle: We do not sell, trade, or rent your personal data to third parties.
7.2. Sharing in the following cases:
a) Service Providers:
- We may share data with reputable service providers to:
- Cloud storage and technical infrastructure
- Payment processing
- Data analysis (aggregated, anonymized data only)
- Customer support
- These providers are obligated to maintain confidentiality and may only use data according to our instructions
b) Legal Requirements:
- Competent state authorities according to Vietnamese law
- Courts or law enforcement agencies when there is a lawful order or request
- Protecting the rights, property, safety of Luklak or others
c) Business Transfers:
- In case of merger, acquisition, or asset transfer, data may be transferred to the successor provided they commit to protecting data according to this Policy
d) With Your Consent:
- In other cases when you have given explicit consent
7.3. Aggregated and Anonymized Data: We may share aggregated statistics or anonymized data (unable to identify individuals) for research, market analysis, or product improvement purposes.
8. CROSS-BORDER DATA TRANSFER
8.1. Principle: Your data is primarily stored and processed in Vietnam.
8.2. Data Transfer Abroad: In some cases, data may be transferred abroad when:
- Using international cloud services
- Requiring technical support from foreign partners
- You request or consent
8.3. Protection Measures: When transferring data abroad, we ensure:
- Compliance with Vietnamese law on cross-border personal data transfer
- Application of appropriate security measures
- Requiring recipients to commit to equivalent data protection
8.4. Right to Know: You have the right to be informed and object to data transfer abroad if there is no appropriate legal basis.
9. DATA SUBJECT RIGHTS
Under Vietnamese law, you have the following rights:
9.1. Right of Access: Request confirmation and receive a copy of your personal data that we are processing.
9.2. Right to Rectification: Request correction or updating of inaccurate or incomplete personal data.
9.3. Right to Erasure: Request deletion of personal data in cases where:
- Data is no longer necessary for the purpose collected
- You withdraw consent and there is no other legal basis for processing
- Data is processed unlawfully
- There is a legal obligation to delete
Note: The right to erasure may be limited if we have a legal obligation to retain data.
9.4. Right to Restriction of Processing: Request temporary suspension of data processing in certain cases (e.g., when disputing data accuracy).
9.5. Right to Withdraw Consent: Withdraw consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
9.6. Right to Complain: Lodge a complaint with competent authorities if you believe your rights have been violated.
9.7. Right to Compensation: Request compensation for damages if harmed by violations of personal data protection regulations.
How to Exercise Rights: Contact us at [email protected]. We will respond within 15 business days of receiving a valid request.
10. DATA SECURITY MEASURES
We apply appropriate technical and organizational measures to protect personal data:
10.1. Technical Measures:
- Encryption of sensitive data (passwords, payment data)
- SSL/TLS connection encryption
- Firewalls and intrusion detection systems
- Regular data backup
- Regular security updates
- Role-Based Access Control (RBAC)
10.2. Organizational Measures:
- Employee training on security and personal data protection
- Strict internal access controls
- Confidentiality agreements with employees and partners
- Security incident response procedures
- Regular security audits
10.3. Limitations: Despite our best efforts, no system is absolutely secure. You are also responsible for protecting your login information.
11. CHILDREN’S POLICY
11.1. Our Services are not directed at children under 18 years of age.
11.2. We do not knowingly collect personal data from children under 18.
11.3. If we discover we have inadvertently collected data from children under 18 without parental/guardian consent, we will delete that data immediately.
11.4. If you believe we are holding data from children under 18, please contact us.
12. POLICY UPDATES
12.1. We may update this Policy over time to reflect changes in:
- Data processing activities
- Legal requirements
- Service improvements
12.2. For significant changes, we will:
- Notify you via email or notice on the Platform
- Post the updated version on the website with a clear effective date
- Send notice at least 15 days before changes take effect
12.3. Continued use of Services after the new Policy takes effect is considered acceptance of the updated Policy.
12.4. If you disagree with changes, you may terminate use of Services and request deletion of your data.
13. PRIVACY CONTACT INFORMATION
If you have any questions, concerns, or wish to exercise your rights regarding personal data, please contact:
Luklak Joint Stock Company
Tax Code: 0109908914
Email: [email protected]
Subject line: “Personal Data Protection” or “Privacy Inquiry”
We commit to responding to your request within 15 business days.