logo
Language:
Hotline: 028 6299 8000
Language:

Personal data protection policy

GENERAL TERMS AND CONDITIONS

REGARDING PERSONAL DATA PROTECTION AND PROCESSING

(Promulgated with Decision No. 13/2026/QĐ-SSV)

 

These General Terms and Conditions regarding Personal Data Protection and Processing (“General Terms and Conditions”) outline how Shinhan Securities Vietnam Co., Ltd. collects, processes, and protects the Personal Data of Data Subjects.

 

Article 1. Definitions

The terms used in these General Terms and Conditions are interpreted as follows (unless otherwise interpreted by law):

1.1.    “Personal Data” refers to digital data or information in other forms that identifies or assists the identification of a specific individual, including: Basic personal data and Sensitive personal data.

1.2.    “Basic Personal Data” refers to personal data reflecting common personal details and background information, frequently used in transactions and social relations, including:

a.    Surname, middle name, and given name at birth; other names (if any);

b.    Date of birth; date of death or missing;

c.    Gender;

d.    Place of birth; place of birth registration; place of permanent residence registration; place of temporary residence registration; current place of residence; hometown; contact address;

e.    Nationality;

f.     Images of the individual;

g.    Phone number; personal identification number; passport number; driver’s license number; vehicle registration plate number;

h.    Marital status;

i.     Information on family relationships (parents, children);

j.     Information on the individual’s digital accounts;

k.    Other information associated with a specific individual or capable of identifying a specific individual, other than Sensitive personal data.

1.3.    “Sensitive Personal Data” refers to personal data associated with individuals’ privacy rights that, if infringed on, directly affect legitimate rights and benefits of individuals, including:

a.    Opinions on politics, religion, and belief;

b.    Information on private life, personal secrets, and family secrets;

c.    Health status;

d.    Data revealing racial origin or ethnic origin;

e.    Biometric data and genetic characteristics;

f.     Data revealing an individual’s sexual life or sexual orientation;

g.    Data on crimes and violations of law collected and stored by law enforcement agencies;

h.    Location data of individuals determined through positioning services;

i.     Login names and passwords for access to individuals’ electronic identification accounts; images of ID cards, citizen ID cards, or 9-digit ID cards;

k.    Login names and passwords for access to bank accounts; bank card information; data on transaction history of bank accounts; financial and credit information and other information relating to financial activities and transaction history, securities, and insurance of clients at credit institutions, foreign bank branches, intermediary payment service providers, securities institutions, insurers, and other authorized organizations;

l.     Data monitoring behavior and activities related to the use of telecommunications services, social networks, online communication services, and other services in cyberspace;

m.   Other personal data that are required by law to be kept confidential or to which strict confidentiality measures must be applied.

1.4     “Personal Data Processing” refers to activities impacting Personal Data, including one or more of the following: collection, analysis, summary, encryption, decryption, modification, deletion, destruction, de-identification, provision, disclosure, transfer of Personal Data, and other activities impacting Personal Data.

1.5.    “Data Subject” refers to individuals whose Personal Data is reflected and whose Personal Data is shared with SSV, including but not limited to individuals who are SSV Clients; users on SSV’s digital platforms; individuals belonging to organizations legally related to SSV; individuals who are/belong to the parties providing products and services to SSV; collaborators, potential candidates, employees; SSV shareholders or any other individual related to or having a relationship in the use, provision of products and services, employment relationship or other legal relationship with SSV.

1.6.    “Client(s)” refers to individuals and organizations that access, inquire about, register for, use, establish relationships with, or are involved with the products and services provided by SSV.

1.7.    “Personal Data Provider” refers to the Data Subject or an individual or organization acting on behalf of or with the consent of the Data Subject to provide and allow the processing of that individual’s Personal Data.

1.8     “Company” or “SSV” refers to Shinhan Securities Vietnam Co., Ltd., including head office, branches, representative offices and transaction offices (if any).

1.9.    “Third Party” refers to organizations and individuals outside of SSV, Clients, and Data Subjects.

To clarify, any terms not explained in the General Terms and Conditions will be interpreted in accordance with Vietnamese law.

Article 2. Purpose of issuing the General Terms and Conditions

2.1.    Transparently inform Data Subjects of all policies, Conditions, and Terms related to the processing of Personal Data at SSV.

2.2.    Protect the rights of Data Subjects regarding their Personal Data.

2.3.    Ensure compliance with legal regulations on the Data Subject’s Personal Data protection policy.

Article 3. SSV’s commitment

3.1.    SSV is committed to processing Personal Data securely and carefully, in full compliance with all applicable laws and regulations regarding the protection of Data Subjects’ Personal Data.

3.2.    SSV only processes Data Subjects’ Personal Data in accordance with applicable laws and these General Terms and Conditions. SSV commits to respecting and protecting children’s Personal Data according to the principle of protecting the best interests and rights of children. Except in cases where the Data Subject’s consent is not required, in addition to the measures for protecting Personal Data as stipulated by law, before processing children’s Personal Data, SSV will verify the child’s age and request the consent of the child’s parents or guardians as required by law. In the case of children aged 7 years and older, the child’s consent is mandatory before processing Personal Data.

3.3.    SSV commits not to use, transfer, provide, or disclose to any Third Party (except for organizations and individuals authorized to process Client‘s Personal Data as listed in Clause 4, Article 5) Client’s Personal Data without the Client’s permission or consent, except in cases where the law provides otherwise.

3.4.    In the event that SSV’s information storage server or information system is compromised by a cyberattack resulting in the breach of the Data Subject’s Personal Data, SSV will be responsible for promptly notifying the relevant authorities for investigation and handling, and notifying the Data Subject.

3.5.    SSV will ensure the absolute confidentiality of all online transaction information of the Data Subject, including transaction information and digitized accounting documents, stored in SSV’s data center.

Article 4. General regulations

4.1.    These General Terms and Conditions are an integral part of the Contracts/Terms and Conditions signed between SSV and the Data Subject. They govern the relationship between the Data Subject and SSV. Clients must read and understand these General Terms and Conditions as well as the content of those Terms and Conditions/Contracts.

4.2.    Depending on SSV’s role in each situation, specifically: (i) Personal Data Controller; (ii) Personal Data Processor; or (iii) Personal Data Controller and Processor, SSV will exercise the corresponding rights, responsibilities, and principles for processing Personal Data as stipulated by applicable law.

4.3.    SSV relies on the Personal Data provided by the Data Subject to maintain legal and service relationships with the Data Subject. Accordingly, at all times, the Data Subject must ensure that the Personal Data provided to SSV is complete and accurate.

4.4.    When necessary, SSV may modify, supplement, update, or adjust the contents of the Data Subject’s General Terms and Conditions at any time.

4.5.    The Data Subject/Personal data provider understands and agrees that Personal Data (including both Basic Personal Data and Sensitive Personal Data) provided to SSV will not be limited to the Personal Data that will be provided but will also include Personal Data that has already been provided to SSV. The continued use of SSV’s services and products by the Data Subject/Data Provider, or the continuation of established transactions and agreements with SSV after the acceptance of these General Terms and Conditions, constitutes the explicit, voluntary, and affirmative consent of the Data Subject/Data Provider to allow SSV to process Personal Data (including Basic Personal Data and Sensitive Personal Data) throughout the entire process of receiving and processing Personal Data, from the moment SSV receives the information until a request to cease processing is made by the Data Subject/Data Provider or as required by law.

4.6.    When providing the Personal Data of another party (including but not limited to the Personal Data of the organization’s transaction representatives, dependents, legally related parties, guardians, friends, beneficiaries, authorized persons, partners, emergency contacts, or other individuals) to SSV, the Data Provider warrants, guarantees, and assumes responsibility that the Data Provider has provided complete information and obtained the lawful consent of the Data Subject allowing SSV to collect and process the Personal Data in accordance with these General Terms and Conditions. The Data Provider agrees that SSV is not responsible for verifying the legality and validity of such consent, and that the storage of evidence proving this consent is the responsibility of the Data Provider. The Data Provider must provide evidence of the Data Subject’s consent if SSV requests it. SSV is exempt from liability and entitled to compensation for damages and related costs if the Personal Data Provider fails to comply with the provisions of this Section.

Article 5. Contents regarding processing of Personal Data

5.1.    Purpose of SSV in processing Personal Data

SSV may collect, process, and share the Personal Data of Data Subjects for SSV’s business, operational, and management purposes, including:

  1. Verifying the identity of Data Subjects, identifying Data Subjects for the purpose of providing SSV’s facilities/products/services.
  2. Monitoring products and services provided by SSV or provided through SSV.
  3. Communicating with Data Subjects, including providing Data Subjects with updates on changes to products, services, and utilities (provided by or through SSV), including any modifications, additions, extensions, suspensions, and replacements to or related to those products, services, and utilities; and collecting Data Subject feedback through surveys.

d.    Maintaining the quality, development, and provision of securities products or services, including but not limited to activities related to securities trading and services in accordance with legal regulations.

e.    Research, planning, and statistical analysis for the purposes of developing or improving SSV’s products, services, security, service quality, advertising strategies, or other strategies.

f.     Managing SSV’s infrastructure and business operations and complying with internal policies and procedures as well as legal regulations.

g.    Resolving, investigating, or responding to any claims or disputes of or relating to the Data Subject.

h.    Complying with all applicable legislation, laws, regulations, rules, memos, directives, orders, instructions, and/or requests from any local or foreign competent authority, including regulatory, governmental, tax, and law enforcement agencies or other competent authorities.

i.     Disclosing information; reporting financial statements, regulatory reports, audit purposes, and maintaining records.

j.     Related to the performance of SSV’s duties and obligations when working with legal or financial advisors; or complying with contracts between SSV and other Third Parties.

k.    Managing benefits or rights related to SSV’s relationship with the Data Subject or arising from the Data Subject’s participation in SSV’s events, campaigns, or marketing advertisements, or in conjunction with Third Parties.

l.     Carrying out transactions involving the transfer or assignment of rights and obligations under Contracts/Agreements between the Data Subject and/or Third Parties with SSV.

m.   Protecting or enforcing SSV’s rights, including those related to debt recovery measures.

n.    Performing other activities related to SSV’s business, operation, management, and compliance with contractual agreements, including but not limited to activities such as accounting, auditing, risk control, internal control, data processing for statistical analysis, credit, and anti-money laundering;

o.    Serving, caring for, and enhancing the experience of Data Subjects during their use of SSV services.

5.2.    Types of Personal Data that may be collected and processed

The types of information listed below are subject to change depending on the time and the Client’s relationship with SSV:

  1. Data Subject information has been sent to SSV (including but not limited to information and data on contracts/documents/agreements/securities transaction data, money transactions, and other relevant information as prescribed by law, regulations of competent state agencies, and SSV regulations/notifications).
  2. Data Subject information that SSV collects through any technical means for the purpose of ensuring that SSV meets the requirements for providing information to state agencies as stipulated by law, regulations of competent state agencies, and SSV’s regulations/notifications.
  3. Information about securities transactions at SSV or through SSV’s online trading system (device type, operating system used by the Data Subject, browser type, browser settings, IP address, language settings, date/time of connection to the website, SSV trading applications, and other technical communication information).

d.    User activity history on SSV’s official digital platforms and transaction channels.

e.    Conversations between SSV and the Data Subject through SSV’s communication channels and/or conducted by SSV.

f.     Other information that is relevant, affects (directly/indirectly), or arises from/related to the establishment of a product/service supply relationship, employment relationship, or other legal relationship between SSV and the Data Subject.

g.    SSV processes the Client’s Personal Data from the moment the Client and SSV sign this Contract.

h.    The Client’s Personal Data will be processed for the period necessary to achieve the Processing Purposes and to comply with relevant legal requirements (e.g., for tax and auditing purposes), or to fulfill obligations that SSV has notified the Client of.

i.     Certain types of Personal Data may be retained for longer periods even after the Client’s relation with the Company has ended to fulfill SSV’s legal obligations under applicable laws and/or requirements of competent government authorities.

5.3.    How SSV collects Personal Data

SSV may collect Personal Data directly or indirectly from one or more of the sources listed below, including but not limited to:

  1. From direct contact with the Personal Data Provider: SSV collects information during interactions, work, service provision/use, and direct meetings with the Personal Data Provider, and receives information from the Personal Data Provider.
  2. From exchanges and communications with the Personal Data Provider when contact arises between the Personal Data Provider and SSV, such as via email, SSV’s Contact Center, electronic communication, or any other means (including but not limited to surveys and investigations conducted or obtained by SSV).
  3. From SSV’s electronic news pages when the Personal Data Provider accesses and declares Personal Data.
  4. From the mobile application when the Personal Data Provider downloads, uses, or declares Personal Data on the SSV mobile application.
  5. From interactions or automated data collection technologies: SSV may collect Personal Data of Data Subjects automatically recorded from connections of the Personal Data Provider or related parties such as cookies, plug-ins, third-party social network connection sequences, or any technology capable of tracking or collecting Personal Data on those devices or websites (such as Facebook, TikTok, Instagram, etc.).
  6. From competent state agencies such as the State Securities Commission, Vietnam Securities Depository and Clearing Corporation, stock exchanges, or other competent authorities in Vietnam.
  7. From publicly available sources such as telephone directories, advertisements/leaflets, information publicly available online, etc.
  8. From other sources where the Data Subject agrees to the sharing/provision of Personal Data, or from sources where collection is required or permitted by law.
  9. Collection methods in some special cases:
  • SSV may record, film, and process Personal Data collected from CCTV cameras in areas equipped with CCTV (including but not limited to office areas, hallways, exits, etc.) in accordance with SSV’s security requirements and those of its Clients as stipulated by law;
  • In addition to the Personal Data protection measures stipulated by law, before processing children’s Personal Data, SSV will verify the child’s age and request the consent of (i) the child and/or (ii) the child’s parent or guardian as required by law;
  • In addition to complying with other relevant legal regulations, for the processing of Personal Data related to the Personal Data of a person declared missing/deceased, SSV will have to obtain the consent of one of the persons concerned as stipulated by applicable law.

5.4.    Transfer and Disclosure of Personal Data

a.    SSV will not sell, exchange, rent, or transfer the personal information of Data Subjects in any form without the Client’s consent. However, to fulfill the purposes and operations of processing Personal Data as outlined in these General Terms and Conditions, the Data Provider understands and agrees that SSV may disclose Personal Data to one or more of the following parties:

  • SSV’s internal staff and departments for the purposes set out in these General Terms and Conditions and the documents and agreements signed between the Client and SSV.
  • SSV’s member entities, including but not limited to subsidiaries, member companies, joint ventures, and affiliated companies as defined by SSV from time to time.
  • Companies and/or organizations within the Shinhan Financial Group such as: Shinhan Bank Vietnam, Shinhan Finance Vietnam, Shinhan Life Vietnam.
  • Consulting firms, lawyers, advisors, accountants, and auditors of SSV or of the Client.
  • Competent government agencies in Vietnam or any individual, regulatory body or third party to whom SSV is permitted or required to disclose information under the laws of any country, or under any other written agreement between the third party and SSV.
  • Business partners, reward providers, gift providers, co-branded parties, participants or co-organizers of Client loyalty programs, advertisers, charities or non-profit organizations, any related entity for the purpose of operating or implementing SSV’s business, implementing or operating systems, applications or equipment, or providing the Client with any products or services of the Client’s choice, or for the purposes stated in these General Terms and Conditions.
  • Any individual or organization involved in the enforcement or maintenance of any rights or obligations under the agreements between the Client/Personal Data Provider and SSV.
  • Parents, spouse, children, and heirs of the Data Subject in the event that the Data Subject has died or been declared missing.
  • Third parties with whom the Client agrees or SSV has a legal basis to share Personal Data.

b.    SSV considers Personal Data to be private and confidential. Aside from the parties mentioned above, SSV does not disclose Personal Data to any other parties, except in the following cases:

  • With the consent of the Data Subject;
  • When SSV is requested or permitted to disclose in accordance with legal regulations; or by decision of a competent state authority;
  • When SSV transfers rights and obligations according to agreements between the relevant parties and SSV or acts in accordance with legal regulations.

5.5.    Transferring Personal Data Abroad

SSV may transfer Clients’ personal data to partners and service providers abroad for processing in accordance with the processing purposes agreed upon by the Client in Clause 5.1 of this Article. In other cases, SSV’s partners and service providers based in Vietnam may use data processing equipment and systems located outside the territory of Vietnam to process Personal Data on behalf of SSV. These cases are all considered transfers of Clients’ Personal Data abroad.

It should be noted that some countries may have lower or higher levels or practices regarding Personal Data protection than Vietnam. In all cases involving the transfer of Personal Data abroad, SSV will endeavor to implement appropriate measures to ensure the protection of Clients’ Personal Data, including signing data security agreements and commitments, selecting appropriate Third Party service providers with clearly defined mandates, and only working with these partners when they have appropriate protective measures in place. 

Article 6. Rights and obligations of the Data Subject

6.1.    Data Subjects have the following rights regarding the processing of their Personal Data at SSV:

  • To be informed about the processing of Personal Data;
  • To consent or disagree;
  • To request the withdrawal of consent for the processing of Personal Data;
  • To view, edit, or request the editing of Personal Data;
  • To request the provision, deletion, or restriction of the processing of Personal Data; to submit a request to object to the processing of Personal Data;
  • To file complaints, denunciations, lawsuits, and claims for damages as prescribed by law;
  • Other related rights as prescribed by law. The specific content of the above rights complies with current legal regulations.

6.2.    SSV, through reasonable effort, will fulfill lawful and valid requests from the Data Subject within the legally prescribed timeframe from the date of receipt of a complete, valid request and related processing fees (if any) from the Data Subject, subject to SSV’s right to invoke any exemptions and/or exceptions under applicable law.

6.3.    In the event that the Data Subject withdraws consent, requests data deletion, restricts data processing, and/or exercises related rights with respect to part or all of their Personal Data, depending on the nature and scope of the request, SSV will follow the  legalregulations and relevant procedures as follows:

a.    Potential consequences and damages

  • Actions taken in accordance with the above regulations are considered a unilateral termination of transactions by the Data Subject/Client for any relationship with SSV and may result in a breach of obligations or commitments under written agreements between the Data Subject/Client and SSV.
  • SSV is no longer able to provide products, services, and/or maintain partnerships involving the use of Personal Data. Specifically:
  • For Clients: SSV will be unable to continue conducting transactions or providing products and services, including having to suspend the operation of securities trading accounts and/or other services and products already provided.
  • For Other Data Subjects: This may lead to the termination of contracts, agreements, cessation of cooperation, or corresponding consequences as stipulated by law and agreements between the parties.

b.    Instructions on related procedures

  • To ensure the protection of rights and compliance with regulations, SSV requests that Data Subjects contact SSV using the contact information for the receiving department in Article 10and complete all necessary procedures before SSV and related organizations and individuals cease processing Personal Data as requested, specifically:
  • For Clients: complete procedures for closing securities trading accounts, terminating contracts, agreements, or discontinuing the use of related services.
  • For other Data Subjects: complete procedures for terminating contracts, agreements, ceasing cooperation, or other related procedures as agreed upon by the parties.

c.    Limitations on deleting Personal Data

  • In order to comply with legal regulations on data storage and other relevant legal regulations, SSV and related organizations and individuals may not be able to fulfill requests to delete Personal Data that has been used to conduct transactions or fulfill previous obligations of the Data Subject.

d.    Responsibilities of the Data Subject

  • SSV and related organizations and individuals will not be held responsible for any consequences or damages arising from the cessation of processing and/or deletion of Personal Data at the request of the Data Subject. Data Subjects are kindly requested to carefully read and understand the consequences outlined in Section a above.

e.    Validity of data processing before withdrawing consent and/or deleting data

-      Withdrawing consent and/or deleting data does not affect the legality of processing Personal Data that was performed prior to the Data Subject withdrawing consent and/or deleting the data.

6.4.    For security purposes, the Data Subject may need to submit their request in writing or use other methods to prove and verify their identity. SSV may require the Data Subject to verify their identity before processing their request.

6.5.    Data subjects are responsible for protecting their own Personal Data and for requesting other relevant organizations and individuals to protect their Personal Data. At the same time, data subjects will respect and protect the Personal Data of others.

6.6.    Data subjects must provide complete and accurate Personal Data to SSV when entering into contracts or using services provided by SSV.

6.7.    Data subjects shall implement and comply with the provisions of the law on the protection of Personal Data and participate in preventing and combating acts that violate the regulations on the protection of Personal Data.

6.8.    In the event of any changes or adjustments to Personal Data, the Data Subject/Data Provider and/or related parties are responsible for immediately contacting and notifying SSV so that SSV can promptly update the changes or adjustments. The Data Subject/Data Provider and/or related parties will be fully responsible for any delay in this notification; furthermore, this delay in notification will exempt SSV from any resulting damages or risks (if any).

6.9.    Data Subjects shall update information posted on SSV’s website at https://shinhansec.com.vn/uploads/chinhsachbaovethongtin.pdf and comply with any changes (if any) related to these General Terms and Conditions.

6.10. The Data Subject shall immediately notify SSV if they discover or suspect that their Personal Data has been compromised, potentially leading to risks during the use of the product or service, or any violation of the Personal Data protection under these General Terms and Conditions that the data subject may be aware of.

6.11.  The Data Subject understands and agrees that SSV has the right to refuse to fulfill the Data Subject’s requests in certain circumstances, including but not limited to: (i) the Data Subject not following the procedures instructed by SSV; (ii) the Data Subject not providing or providing incomplete documents to verify identity; or (iii) in cases where SSV assesses there are signs of fraud or violations of Personal Data Protection; or (iv) the law does not permit the fulfillment of the Data Subject’s request.

6.12. The Data Subject acknowledges that, by accepting these General Terms and Conditions, the Data Subject has been notified by SSV, is fully aware of, and agrees to all the information required to be provided before SSV processes Personal Data, as detailed in these General Terms and Conditions. The Data Subject agrees that SSV is not required to provide further notification before processing Personal Data.

Article 7. Unintended consequences and damages are likely to occur

The Data Subject notes that, while SSV always strives to ensure that Clients’ personal data is protected to the best of its ability in accordance with the law, SSV cannot completely and absolutely eliminate all risks to personal data during processing.

7.1.    The transmission of information via the Internet or SSV’s internal information systems may still carry certain risks arising from force majeure events or incidents, such as cyber security crimes like cyberattacks, cyber terrorism, unauthorized cyber espionage, disruption of data processing, or leakage of personal data. In such cases, SSV will immediately take necessary actions to prevent, remedy, and minimize potential damage to personal data, and will cooperate with competent state agencies to investigate and handle violations promptly and inform the Client in accordance with the law.

7.2.    Clients need to be aware that whenever they disclose and make their personal data public, that data may be collected and used by others for purposes beyond the control of the Client and SSV.

7.3.    Clients should be aware that, to the extent that reasonable measures have been taken to prevent harm to Personal Data, SSV will not be liable for damages caused by the actions of any Third Party that adversely affect the Client’s Personal Data and which do not originate from SSV.

Article 8. Storing Personal Data

8.1.    Personal data stored by SSV will be kept confidential. SSV will take reasonable measures to protect Personal Data when stored at SSV.

8.2.    SSV will apply international data security standards of Shinhan Financial Group on the basis of ensuring compliance with applicable legal regulations.

8.3.    SSV will store Personal Data for the period necessary to fulfill the purposes as stipulated in the documents signed by the relevant parties with SSV and in accordance with these General Terms and Conditions, unless a longer storage period for Personal Data is required or permitted by the relevant parties and applicable legal regulations.

Article 9. Amendments and additions to the General Terms and Conditions

9.1.    SSV may amend or supplement the contents of these General Terms and Conditions from time to time, ensuring that such amendments or supplements comply with relevant legal regulations. Notification of any amendments or supplements will be updated and posted on SSV’s website at https://shinhansec.com.vn/uploads/chinhsachbaovethongtin.pdf and/or communicated to the Data Subject/Client or related parties through communication channels deemed appropriate by SSV.

9.2.    To the extent permitted by applicable law, the continued use of SSV’s services and products by the Client or related parties, or the continued maintenance of transactions and agreements with SSV, signifies the Data Subject/Client/related parties’ agreement to the amended or supplemented contents of these General Terms and Conditions without any conditions attached.

Article 10. Contact information for processing personal data

For any questions regarding SSV’s processing of Data Subject’s Personal Data, please contact us using the information below:

  • For Clients:
  • Transaction support department:

Phone: 028 6299 8000

Email: cs_ssv@shinhan.com

  • Contact directly at SSV’s head office and branch locations.
  • For candidates, collaborators, and employees: SSV Human Resources Team
  • For service providers and other partners: please refer to the contact information in the relevant documents and agreements.