Data Protection Statement

 

1. GENERAL PROVISION

HENKEL ADHESIVE TECHNOLOGIES VIETNAM CO., LTD (hereinafter referred to as “Henkel” or “we”) understands the importance and always respects the privacy of Henkel’s customers (“Customers”). Henkel is committed to protecting Customer's personal data in accordance with Vietnamese laws as well as the strict requirements of Henkel.

In compliance with Decree No. 13/2023/ND-CP of the Government on the Protection of Personal Data, effective from 01 July 2023, Henkel would like to inform Customers of Customer's Privacy Policy (“Privacy Policy”). The purpose of this Privacy Policy is to outline how the Company protects the Customer's data in accordance with the Company's policies, the provisions of Vietnamese laws on the protection of personal data, and all applicable laws relating to privacy and personal data protection of Vietnam (“Privacy Laws”).

 

2. DEFINITION OF TERMS

2.1. “Personal Data” refers to electronic information in the form of symbols, letters, numbers, images, sounds, or in a similar form in the electronic environment which is associated with an individual or used to identify an individual. Personal Data includes Basic Personal Data and Sensitive Personal Data.

2.2. “Basic Personal Data” includes: a) Last name, middle name and first name as stated in the birth certificate, other names (if any); b) Date of birth; date of death or missing; c) Gender; d) Place of birth, place of birth registration; place of permanent residence; place of temporary residence; current place of residence; hometown; contact address; dd) Nationality; e) Personal image; g) Phone number; ID Card number, personal identification number, passport number, driver’s license number, license plate number, taxpayer identification number, social insurance number and health insurance card number; h) Marital status; i) Information about the individual’s family relationship (parents, children); k) Digital account information; personal data that reflects activities and activity history in cyberspace; l) Information associated with a specific individual or helping identify a specific individual other than Sensitive Personal Data.

2.3. “Sensitive Personal Data” refers to personal data in association with an individual’s privacy which, when being infringed, shall cause a direct effect on the legitimate rights and interests of such individual, including: a) Political and religious views; b) Health status and privacy stated in medical records, excluding information on blood type; c) Information about racial or ethnic origin; d) Information related to an individual's inherited or acquired genetic characteristics; dd) Information about an individual’s physical attributes and biological characteristics; e) Information about an individual’s sex life or sexual orientation; g) Data on crimes and criminal acts collected and stored by law enforcement agencies; h) Information on clients of credit institutions, foreign bank branches, intermediary payment service providers and other licensed institutions, including: information on client identification as prescribed by law, information on accounts, information on deposits, information on deposited assets, information on transactions, information on organizations and individuals that are securing parties at credit institutions, bank branches, and intermediary payment service providers; i) Personal position identified via positioning services; k) Other personal data defined as specific by law that requires necessary protection measures.

2.4. “Data Subject” refers to an individual identified by Personal Data.

2.5. “Personal Data Processing” or “Data Processing” refers to one or multiple activities that impact on personal data, including collection, recording, analysis, certification, storage, rectification, publicizing, combination, access, retrieval, withdrawal, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, destruction of Personal Data or other relevant activities.

2.6. “Company” or “Henkel” refers to Henkel Adhesive Technologies Vietnam Co., Ltd. incorporated under Enterprise Registration Certificate No. 3600450091, issued for the first time on 16 December 1999 by Department of Planning and Investment of Dong Nai Province, having its head office address at No. 7, Road 9A, Bien Hoa 2 Industrial Park, An Binh Ward, Bien Hoa City, Dong Nai Province, Vietnam.

2.7. “Customer” means an individual who approaches, learns, registers, transacts, uses products and services of Henkel, or is involved in the operation and provision of products and services of Henkel.

2.8. “Data Protection Officer (DPO)” means one or more individuals designated by the Company to ensure that the Company complies with Privacy Laws.

 

3. TYPES OF PERSONAL DATA COLLECTED AND METHOD OF COLLECTING PERSONAL DATA

3.1. In order for Henkel and/or a data processor authorized by Henkel to provide products and services to Customers, and/or handle Customer's requests, Henkel and/or the data processor may need to and/or be required to collect Personal Data, including: (i) Basic Personal Data and (ii) Sensitive Personal Data relating to Customers and individuals related to Customers.

Personal Data that may be collected and processed are the types of information listed below and are subject to change from time to time depending on the Data Subject's relationship with Henkel:

(a) Last name, middle name and first name as stated in the birth certificate, other name (if any); Date of birth; Gender;

(b) Place of permanent residence, contact address; Nationality;

(c) Personal image; fingerprints; Phone number, ID card number/Citizen identity card number, passport number, email;

(d) Information of bank account;

(e) The information shown on ID card/Citizen identity card, passport;

(f) Photos and other visuals, security camera footage and other information obtained through electronic means such as card swipe data;

(g) Other additional information related to Henkel's provision of products and services, such as information provided by Customers when Customers participate in surveys, activities on Social Network of Henkel (in Blog, Facebook Fanpage, etc.).

(h) Information about usernames or any settings the user may have chosen, personal data reflecting activity, activity history when Customers use Henkel’s website.

3.2. Henkel and/or a data processor authorized by Henkel, may collect Data Subject's Personal Data from the following sources:

(a) through the transaction between the Customer and Henkel, when the Customer provides information in the transaction records and documents, creates an account to use the service, when participating in surveys, promotions for customers;

(b) information obtained from any publicly available source, or regulatory authority;

(c) through video archives from security cameras at Henkel 's offices/customer service centers or video footage of events organized by Henkel or a unit authorized by Henkel;

(d) from third party sources with whom the Customer has consented that such third party may share/provide Customer's Personal Data, or sources where collection is required or permitted by law;

(e) information provided by the Customer via phone, email, correspondence between the Customer and Henkel;

(f) when the Customer uses Henkel 's websites, applications or social media platforms, Henkel can collect Personal Data declared or made public by the Customer. Henkel may also automatically collect Personal Data through the use of cookies, and other similar technologies whenever a Customer's web browser views our websites or materials provided by or on behalf of Henkel on another website.

 

4. DATA PROCESSING

4.1. Data Processing Purposes

Henkel collects, processes and discloses Customer's Personal Data to the extent necessary for Henkel 's business activities. In particular, the Customer agrees that Customer's Personal Data may be processed for one or more of the following purposes:     

(a) To fulfill our contractual obligations and to provide an appropriate level of service to our customers

(i) to serve the conclusion and performance of contracts and agreements/commitments (if any), including providing Customer with order status; to provide products or services that the Customer has purchased; to provide technical advice such as how to use the product or technology; to process Customer’s payments, communicating and sending notices to the Customer, to answer Customer's questions or handle claims, and other activities related to conclusion and performance of contracts;

(ii) To manage our daily business needs and events related to Customer’s participation in our promotional and product testing programs; to enable Customer to participate in one of our activities or events or to send Customer samples that Customer requests;

(iii) To learn and assess consumer preferences, needs and demand changes, to improve our current products and services and/or develop new products and services;

(iv) To facilitate/perform other activities per request to fulfill our contractual obligations and deliver appropriate levels of service to the Customer.

(b) To communicate with Customers:

(i) to verify the identity of individuals who contact us by telephone, electronic means or otherwise;

(ii) to contact the Customer or communicate with the Customer by phone/voice call, text message and/or fax message, email and/or postal mail. The Customer acknowledges and agrees that such communications by us could be by way of the mailing of correspondence, documents or notices to the Customer, which may involve the disclosure of certain personal data about the Customer to bring about delivery of the same as well as on the external cover of the envelopes/mail packages;

(c) To carry out the Company's business and other related activities:

(i) to serve accounting and financial requirements. Accordingly, Henkel collects, stores and uses Customer's data for internal business purposes, such as record filing and compliance with our legal and financial obligations. These data will be stored in accordance with applicable laws;

(ii) To comply with Henkel's operational, audit, administrative, security, and risk management policies, procedures, and processes including, but not limited to, CCTV monitoring, daily activity logs, authentication of individuals, storage and backup of email communications;

(iii) To facilitate business asset transactions (which can extend to any acquisition, merger or sale of assets) involving the Company and any Henkel’s affiliates;

(iv) Data archiving; storing, hosting, backing up (whether for disaster recovery (DR) or otherwise) of Customer's Personal Data;

(v) Internal and external publications;

(vi) To protect and enforce the Company’s contractual and legal rights and obligations;

(d) To comply with legal and regulatory requirements:

(i) To comply with or as required by any applicable law, governmental or regulatory requirements of any jurisdiction applicable to Henkel, including meeting the requirements to make disclosure under any law binding on Henkel and/or for the purposes of any guidelines issued by a regulatory or other competent authorities (whether of Vietnam or a country other than Vietnam), with which we or Henkel's affiliates must comply;

(ii) To comply with or as required by any request or direction of any governmental authority (whether of Vietnam or a country other than Vietnam) which we are expected to comply with; or to respond to requests for information from public agencies, ministries, statutory boards or other similar authorities. For the avoidance of doubt, this means that we may/will disclose the Customer's personal data to the aforementioned parties upon their request or direction.

(e) For direct marketing purposes:

Where the Customer agrees to allow Henkel to process Personal Data for the purpose of implementing marketing programs, announcements and introduction of products and services of Henkel and its partners, the Customer agrees that Henkel and/or partners of Henkel have the right to market, advertise and introduce products according to the content, form and frequency as follows:

(i) Content: Marketing and introducing advertising products of Henkel and partners of Henkel.

(ii) Method: Via advertising messages, announcements on Henkel's website and applications or other methods as prescribed by law.

(iii) Form: The Company may/will send the Customer via email, postal mail or other means of communication the marketing and promotional information and materials related to the products and/or services of Henkel or a partner of Henkel, whether such products or services are currently available or to be created in the future.

(iv) Frequency: According to the law on advertising.

In addition to the above provisions, Henkel is responsible for complying with the provisions of the law on advertising.

(the purposes set forth above shall be collectively referred to as the “Purposes”).

4.2. Methods of Processing Personal Data

From time to time and depending on each of the above Purposes, Henkel and/or the data processor authorized by Henkel may perform one or more activities that impact on personal data, including collection, recording, analysis, certification, storage, rectification, publicizing, combination, access, retrieval, withdrawal, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, destruction of Personal Data or other relevant activities.

The Personal Data Processing activities may be performed by Henkel in an automatic or non-automatic manner, by electronic means or by manual means or by any other means that Henkel and/or the data processor authorized by Henkel deem appropriate.

 

5. PARTIES INVOLVED IN THE PROCESSING OF PERSONAL DATA

5.1. In order to carry out the purposes and personal data processing activities in accordance with this Privacy Policy, Henkel may transfer and disclose Customer's personal data to the following parties:

(a) staff and employees of Henkel;

(b) Henkel’s affiliated companies;

(c) the professional advisors (such as auditors and attorneys) of the Company or any of Henkel's affiliated companies;

(d) individuals, authorities or regulatory bodies or third parties to whom Henkel is permitted or required by law to disclose;

(e) service providers to Henkel (such as telecommunications service provider, information technology service provider, data storage, receiving, and processing unit, order processing unit, shipping unit, postal and delivery service provider, website functionality unit, email and text message delivery and monitoring service provider, advertising, linking and related analytics service provider, customer support and call center service provider, distribution service provider of the Company or any of Henkel's affiliated companies) to which data sharing/disclosure is necessary for Henkel to perform its obligations to the Customer;

(f) credit institutions, intermediary payment service providers;

(g) any business partner, investor, assignee or transferee (actual or potential) to facilitate business asset transactions (which may extend to any acquisition, merger, or sale of assets) involving the Company or any of its affiliates;

(h) any assignee or possible assignee of the rights and obligations of the Company or any of its affiliates;

(i) other parties agreed by the Customer or with whom Henkel has a legal basis to share the Customer's personal data.

5.2. When disclosing the Customer's personal data to third parties, the Company ensures that the third parties will secure the Customer's personal data from unauthorized access, collection, use, disclosure, processing of data information or similar risks and retain the Customer's personal data only for the period necessary to achieve the purposes mentioned above.

 

6. START TIME AND END TIME OF PERSONAL DATA PROCESSING

6.1. Data processing’s start time:

Henkel will start processing personal data from the time of receiving personal data.

6.2. Data processing’s end time:

Until the completion of the Purposes for which the data was collected or until necessary to comply with statutory obligations and to resolve any dispute or until the information provided is requested to be deleted by the Data Subject.

 

7. DATA SUBJECT’S RIGHTS AND OBLIGATIONS

7.1. Data Subject’s Rights

Under Privacy Laws, as a Data Subject, the Customer has the following rights:

(a) Right to be informed

The Customer has the right to be informed of the processing of the Customer’s Personal Data, unless otherwise provided by law. The Customer has the right to be informed about how we use the Customer's personal data and rights of the Customer in a manner that is clear, transparent and simple to understand. Therefore, we provide the Customer with the information contained in this Privacy Policy.

(b) Right to give consent

The Customer has the right to consent or not to consent to the processing of the Customer’s personal data, except as provided in Article 8 of this Privacy Policy.

(c) Right to access

The Customer has the right to access his/her personal data in order to view, modify, or request the modification of his/her personal data, unless otherwise provided by law.

(d) Right to withdraw consent

The data subject has the right to withdraw his/her consent, unless otherwise provided by law.

(e) Right to delete personal data

The Customer has the right to delete or request the deletion of his/her personal data, unless otherwise provided by law.

(f) Right to restrict the data processing

The Customer has the right to request the restriction of the processing of his/her personal data, unless otherwise provided by law;

We will implement data processing restriction within 72 hours upon receiving the Customer’s request, for all Personal Data that the Customer requests to restrict, unless otherwise provided by law.

(g) Right to obtain personal data

The Customer has the right to request us to provide him/her with his/her Personal Data, unless otherwise provided by law.

(h) Right to object to data processing

The Customer has the right to object to our processing of his/her Personal Data for the purpose of preventing or restricting the disclosure or use of personal data for advertising or marketing purposes, unless otherwise provided by law.

We will process Customer's request within 72 hours upon receiving the request, unless otherwise provided by law.

(i) Right to file complaints, denunciations and lawsuits

The Customer has the right to file complaints, denunciations and lawsuits as prescribed by law.

(j) Right to request compensation for damages

The Customer has the right to request compensation for damages as prescribed by law when there are violations of regulations on protection of his/her Personal Data, unless otherwise agreed by parties or otherwise prescribed by law.

(k) Right to self-protection

The Customer has the right to self-protection according to regulations of the Civil Code, other relevant laws, Decree 13/2023/ND-CP, and other provisions of laws, or to request competent agencies and organizations to implement civil right protection methods.

To exercise these rights, the Customer should contact us at the details provided below. The Customer needs to provide proof of his/her identity and state the rights to be exercised for our support.

In the event that the Customer withdraws his/her consent, requests data deletion and/or exercises other relevant rights with respect to any or all of the Customer's personal data. The acts performed by the Customer in accordance with these regulations may affect Henkel's ability to continue to provide its products and services to the Customer, and Henkel reserves all legal rights and remedies of Henkel in such cases. Accordingly, Henkel will not be held liable to Customer for any loss incurred and Henkel 's legal rights will be expressly reserved with respect to limitation, restriction, suspension, cancelation, prevention of the processing of Customer's data.  

7.2. Data Subject’s Obligations

According to the Privacy Laws, as a Data Subject, the Customer has the following obligations:

(a) Protect his/her own personal data; request relevant organizations and individuals to protect his/her personal data;

(b) Respect and protect others’ personal data;

(c) Fully and accurately provide his/her personal data when he/she consents to the data processing;

(d) Participate in dissemination of personal data protection skills; and

(e) Comply with legal regulations on protection of personal data and participate in prevention of the violations against regulations on protection of personal data.

 

8. PERSONAL DATA PROCESSING WITHOUT THE CONSENT OF DATA SUBJECT

Personal Data may be processed without the consent of the Customer – as a Data Subject – as required by law in the following cases:

(a) In urgent cases requiring immediate processing of relevant Personal Data to protect life and heath of the Customer or others.

(b) When Personal Data is required to be publicly disclosed in accordance with the law.

(c) When Personal Data is processed by competent state agencies in cases of urgent situations related to national defense, national security, social order and safety, major disasters, dangerous epidemics, or when there is a risk threatening security and national defense, but the situation has not reached the level of declaring a state of emergency; to prevent and combat riots and terrorism, to prevent and combat crimes and law violations as prescribed by the law .

(d) To perform the Customer's contractual obligations with relevant agencies, organizations and individuals in accordance with the law.

(e) To serve the activities of state agencies as prescribed by specialized laws.

 

9. PROTECTION OF PERSONAL DATA

9.1. Understanding the importance of personal data protection, Henkel will regularly review and update management and technical measures when processing Customer's personal data.

9.2. To the best of our ability, access to Customer’s Personal Data is limited to those who need to know. Individuals with access to data are required to maintain the confidentiality of such information.

 

10. UNDESIRABLE CONSEQUENCES AND DAMAGE THAT MAY OCCUR

10.1. Although Henkel will do its best to protect Customer's Personal Data, the transmission and storage of information is, however, vulnerable to unauthorized third-party activity. Some undesirable consequences and damages may include, but are not limited to:

(a) Hardware and software failures in the data processing that cause data loss of service providers;

(b) Security hole beyond our control, system attacked by a third party causing data leakage;

(c) The service provider arbitrarily discloses personal data due to: carelessness or fraud; access to websites/download apps that contain malware…

10.2. In the limited undesirable events, if an incident or violation is detected with respect to personal data, Henkel will proceed to notify relevant parties of the incident/breach within a period as prescribed by law, and at the same time will make efforts to overcome and minimize the consequences and damage within Henkel's ability and in accordance with applicable laws.

 

11. HOW TO CONTACT US

If the Customer wishes to exercise his/her rights, has any questions, complaints or grievances, or comments regarding this Privacy Policy and/or our processing of Customer’s personal data, please contact our Data Protection Officer at:

Address: Henkel Adhesive Technologies Vietnam Co., Ltd, No. 7, Road 9A, Bien Hoa 2 Industrial Park, An Binh Ward, Bien Hoa City, Dong Nai Province, Vietnam.

Attention: Data Protection Officer

Email: truc-phuong.tran@henkel.com

 

12. AMENDMENTS AND SUPPLEMENTS TO POLICY

Henkel reserves the right to modify this Privacy Policy from time to time if necessary. Notice of any amendment, update or adjustment will be updated, posted on the website of Henkel: https://www.henkel.com/  and/or sent to the Data Subject through other means of communication that Henkel considers appropriate.