Personal Data Protection Policy - HANOI MARATHON
Article 1. General Provisions
1.1 Đức Hương Anh Co., Ltd (“DHA”) establishes this Personal Data Protection Policy (“Personal Data Protection Policy”) to outline DHA’s activities related to the processing of personal data of Runners / Customers of DHA.
1.2 This policy is publicly announced and disclosed on DHA’s website at https://hanoi-marathon.com. By using any products, services, conveniences, and/or establishing any transactions or relationships with DHA, you are required to read, understand, and agree to apply this Policy.
1.3 This Personal Data Protection Policy is an inseparable part of the marathon participation registrations and the contracts, agreements, proposals, registrations, and other agreements that the Runners / Customers have signed with DHA.
1.4 We respect your privacy and are committed to keeping your personal information and other data confidential and secure.
Article 2. Definitions
2.1. “Runners / Customers” means the data subjects whose personal data has been and is being processed by DHA.
2.2. Personal data refers to information in the form of symbols, text, numbers, images, sounds, or similar forms in an electronic environment that is associated with a specific person or helps to identify a specific person. Personal data includes basic personal data and sensitive personal data as specified in Article 4.
2.3. Processing personal data refers to one or more activities that impact personal data, such as: collecting, recording, analyzing, confirming, storing, editing, publicly disclosing, combining, accessing, retrieving, recovering, encrypting, decrypting, copying, sharing, transmitting, providing, transferring, deleting, destroying personal data, or other related actions.
2.4. A third party refers to individuals or organizations not belonging to DHA’s legal entity and who have contracts with DHA for providing products, services, and programs, including but not limited to:
- 2.4.1. Independent individuals or companies;
- 2.4.2. Organizations directly or indirectly owned by DHA;
- 2.4.3. Suppliers and other partners or organizations.
Article 3. Objectives and Scope of the Policy
3.1 DHA understands that when Runners / Customers interact, communicate, establish relationships, conduct transactions, and/or access and/or use DHA's channels, platforms, and applications (directly, through electronic information pages, mobile applications, through partners, agents, third parties...), Runners / Customers are always concerned about and consider the issue of data security. DHA always respects and protects the privacy and security of Runners / Customers’ data.
3.2 Depending on DHA’s role in each specific situation, whether as (i) the Controller of personal data; (ii) the Processor of personal data; or (iii) both the Controller and Processor of personal data, DHA will perform corresponding powers and responsibilities in accordance with current legal regulations.
3.3 This policy is developed to be announced and notified to Runners / Customers about:
3.3.1 The purpose and duration of processing Runners / Customers' data, as well as the type of data being processed;
3.3.2 Measures, methods, and locations of processing personal data (including data of Runners / Customers and/or their related persons as required by law and/or necessary for DHA to collect and process). By providing related persons' data, Runners / Customers ensure and bear responsibility that they have obtained the consent of the related persons for DHA to process their data for the purposes stated in this policy;
3.3.3 Measures to protect Runners / Customers' data and mechanisms for Runners / Customers to exercise their legal rights concerning their data;
3.3.4 Organizations and individuals who process Runners / Customers' data; other organizations and individuals related to the processing purposes of Runners / Customers' data; and possible consequences or damages that may occur when Runners / Customers' data is processed.
Article 4. Classification of Personal Data Collected by DHA
DHA or its representatives, under this Personal Data Protection Policy, may collect various types of personal data depending on jurisdiction and applicable law. The categories listed below include but are not limited to, and may vary depending on the application, product, service, or interactive program of the Runner/Customer with DHA.
4.1 Basic Personal Data:
Last name, middle name, and first name, other names (if any); Date of birth; Gender; Place of birth, place of birth registration, permanent residence, temporary residence, current residence, hometown, contact address; Nationality; Personal images (including images, information obtained from photography systems, video recording cameras, security camera systems); Phone number, ID card number, citizen identification number, passport number, personal tax code… Information about the Customer’s related persons; Bank account information; Tax data information; Personal data reflecting activities, online activity history; Other information associated with or helping to identify the Customer not included in the sensitive personal data group listed below (including information about personal account numbers; personal data reflecting activities, online activity history…).
4.2 Sensitive Personal Data:
Political views, religious views; Health status and private life recorded in medical records, excluding blood group information; Information related to racial origin, ethnic origin; Information on inherited or acquired genetic characteristics of an individual; Information on physical attributes, unique biological traits of an individual; Criminal data, criminal acts collected and stored by law enforcement agencies; Customer information of credit institutions, branches of foreign banks, intermediary payment service providers, other authorized organizations, including: customer identification information as prescribed by law, account information, transaction information, information about organizations or individuals acting as guarantors at credit institutions, branches of banks, intermediary payment service providers; Location data of individuals identified through location services; Other personal data stipulated by law as unique and requiring necessary security measures.
4.3 Data Related to Websites or Applications:
Technical data (including device type, operating system, browser type, browser settings, IP address, language settings, date and time of connection to the Website, application usage statistics, application settings, date and time of connection to the Application, location data, and other technical communication information); Account name; Password; Security login details; Usage data, etc.
4.4 Marketing Data:
Advertising interests; Cookie data; Clickstream data; Browsing history; Responses to direct marketing; and opt-out choices from direct marketing, etc.
Article 5. Sources and Methods of Collecting Personal Data
Including but not limited to the sources described below, DHA may directly or indirectly collect the personal data of Customers when Customers request or during the process of DHA providing any products or services to Runners/Customers.
5.1 Directly from Customers:
DHA collects during interactions, work, service provision, direct meetings with Customers, and information provided by Customers.
5.2 From DHA’s Websites:
DHA may collect personal data when Runners/Customers access and register on any of DHA’s websites or use any features or resources available on or through the Website. When Runners/Customers access the Website, DHA collects information about the Customer’s device and browser (such as device type, operating system, browser type, browser settings, IP address, language settings, date and time of connection to the Website, and other technical communication information); all or some of this information may constitute personal data.
5.3 From DHA’s Mobile Applications:
Personal data may be collected by DHA when Customers download or use DHA’s mobile applications. These applications may record certain information (including Application usage statistics, device type, operating system, Application settings, IP address, language settings, date and time of connection to the Application, location data, and other technical communication information); all or some of this information may constitute personal data. Applications used by DHA may have their own Privacy Policies, which Runners/Customers should review before using the related Application.
5.4 From Services that DHA and Runners/Customers jointly use:
Personal data may be collected by DHA when Customers register to use any services provided through the Website or Application or log into the Website or Application; or transact through third parties and other means jointly used by DHA and Runners/Customers.
5.5 From exchanges and communications between DHA and Customers:
Personal data may be collected by DHA when Runners/Customers contact DHA (in person, by mail, phone, online, electronic communication, or any other means), including third parties and surveys of DHA's Runners/Customers.
5.6 From interactions or automatic data collection technologies:
Information may be collected by DHA including IP address, referring URL, operating system, electronic browser, and any other information automatically recorded from the connection.
5.7 Any other means:
Personal data may be collected by DHA when Runners/Customers interact with DHA through any other means.
5.8 From third parties:
- 5.8.1. DHA may receive personal data of Runners/Customers from related third parties according to their current lawful privacy policies, if Runners/Customers interact with content or advertisements on those third parties' Websites or Applications.
- 5.8.2. DHA may receive personal data of Runners/Customers from third parties (such as payment service providers, ticket agents, etc., with the purpose of performing that service) if Runners/Customers choose their services such as payment, direct registration with DHA or through Websites or Applications, or ticket agents... from third parties.
- 5.8.3. To comply with its obligations under applicable law, DHA may receive personal data about Runners/Customers from law enforcement agencies and government authorities as stipulated by law.
- 5.8.4. From public sources (such as telephone directories, advertising information/brochures, information publicly disclosed on Websites, etc.), DHA may receive personal data about Runners/Customers.
- 5.8.5. Whenever collecting such personal data, DHA understands, trusts, and ensures that related third parties have obtained the consent of Runners/Customers for: (i) providing personal data of the third party to DHA; and (ii) processing the data for DHA’s purposes as stated in this Personal Data Protection Policy. If Runners/Customers do not agree, please do not provide your personal data to the third party.
5.9 DHA may receive personal data of Runners/Customers from other sources
DHA may receive personal data of Runners/Customers from other sources that Runners/Customers agree to share/provide personal data, or sources required or permitted by law to collect.
Article 6. Purposes of Processing Runners/Customers' Personal Data
DHA may process personal data of Runners/Customers for the following purposes, including but not limited to:
6.1 Use Customer information to provide products, services, programs; implement DHA’s promotional, preferential, and support programs.
6.2 Use and analyze Customer information to develop, provide, continuously improve and enhance the quality of services, products, and programs aimed at better meeting the needs of Runners/Customers.
6.3 Use Customer information to send Runners/Customers information related to transactions and needs of Runners/Customers, in accordance with applicable direct marketing laws.
6.4 Use Customer information for online advertising or advertising based on the needs and interests of Runners/Customers, in accordance with applicable direct marketing laws.
6.5 Display content of the Website, Application, device, and any customizations for Runners/Customers to choose from.
6.6 Manage content, promotions, surveys, or other features of the Website, Application, device; or survey platforms.
6.7 Send communications about managing Runners/Customers' accounts and features of the Website, Application, or device.
6.8 Verify identity and ensure the security of Runners/Customers' personal data.
6.9 Protect against fraud, identity theft, and other illegal activities.
6.10 To establish, enforce legal rights or defend DHA's legal claims.
6.11 Comply with applicable law, relevant industry standards, and other current DHA policies.
6.12 Use Customer information to inform Customers about changes to products, services, and programs in case of changes in state management policies, legal regulations, market fluctuations, or changes, or updates to DHA’s Regulations/Policies.
6.13 Serve anti-money laundering and counter-terrorism financing purposes, comply with embargoes, or send to competent authorities as prescribed from time to time.
6.14 Footage from documentary or surveillance cameras (CCTV), in specific cases, may also be used for the following purposes: (i) for quality assurance and fraud prevention purposes; (ii) for public security and occupational safety purposes; (iii) detect and prevent suspicious, inappropriate, or unauthorized use of our facilities, products, services, programs, and/or premises; (iv) detect and prevent crime; and/or (v) conduct investigations of incidents as requested by state authorities.
6.15 Other purposes according to the relevant Agreement when Runners/Customers participate in events/use services of DHA.
6.16 Any other purpose specific to DHA’s business activities.
6.17 In any other manner that DHA notifies Runners/Customers at the time of collection of personal data or before the commencement of related processing or other requests or as permitted by applicable law.
Article 7. Rights and Obligations of Runners/Customers Regarding Personal Data Collected by DHA
7.1 Rights of Runners/Customers:
(i) Right to be informed; (ii) Right to consent; (iii) Right to access; (iv) Right to withdraw consent; (v) Right to data deletion; (vi) Right to restrict data processing; (vii) Right to data portability; (viii) Right to object to data; (ix) Right to complain, denounce, and sue; (x) Right to claim compensation; (xi) Right to self-protection and other related rights as stipulated by law. Runners/Customers may exercise their rights at any time by contacting DHA through its representative or through other channels that DHA may notify.
7.2 Right to request DHA to support access
Runners/Customers have the right and/or may request DHA to support access to and correction of their personal data held by DHA.
7.3 Right to make requests to DHA through DHA's representative or other channels
Runners/Customers have the right to make requests to DHA through DHA's representative or other channels that DHA may notify if they wish to access their personal data held by DHA or if they believe the personal data held by DHA is inaccurate, incomplete, misleading, or not up to date and needs to be corrected. Upon receiving a valid request and processing fee (if any) from the Runners/Customers, DHA will, to the best of its efforts, help Runners/Customers access or correct the personal data as requested.
7.4 Right to request DHA to identify a violation
When Runners/Customers identify a violation in the processing of their personal data, they have the right to request DHA, within its capabilities, to prevent or restrict the disclosure of their personal data, except where otherwise stipulated by law.
7.5 Right to request DHA to process their data based on their consent
Runners/Customers have the right to request DHA to process their data based on their consent for the purposes of this Personal Data Protection Policy, except where otherwise stipulated by law.
7.6 Right to complain, denounce, sue, claim compensation, and self-protection
Please note that other rights such as the right to complain, denounce, sue, claim compensation, and self-protection of Runners/Customers will follow legal regulations unless there is another agreement between Runners/Customers and DHA that complies with the law.
7.7 Responsibility for protecting their personal data
Runners/Customers are responsible for protecting their personal data; requesting other organizations or individuals involved to protect their personal data, and at the same time, respecting and protecting the personal data of others.
7.8 Obligation to provide complete and accurate personal data
Runners/Customers are obligated to provide complete and accurate personal data to DHA when entering into contracts or using services provided by DHA.
7.9 Responsibility for implementing and complying with legal regulations
Runners/Customers are responsible for implementing and complying with legal regulations on personal data protection and participating in preventing violations of personal data protection regulations.
7.10 DHA can allow corrections as requested
Please note that DHA may, at its discretion, allow corrections as requested and/or may require additional documentation to substantiate the new data to avoid fraud and inaccuracies.
Article 8. Measures for Protecting Runners/Customers' Personal Data
8.1 DHA is committed to processing Runners/Customers' personal data safely, securely, and ensuring the rights of Runners/Customers concerning data processing activities under applicable law.
8.2 DHA applies appropriate data processing methods and appropriate technical and organizational security measures to prevent unauthorized access, reading, use, alteration, provision, destruction, or other processing of personal data.
However, the Internet is not a completely secure environment, and DHA cannot guarantee that personal data shared over the Internet will always be secure. When Runners/Customers use the Internet to transmit personal data, they should only use secure systems to access websites, applications, or devices. Runners/Customers are responsible for keeping their access credentials for each website, application, or device safe and confidential. Runners/Customers should immediately notify DHA if they detect any misuse of their login information and change their access password immediately.
Article 9. Provision of Runners/Customers' Personal Data
9.1 DHA will not sell, exchange, or rent (temporarily or permanently) Runners/Customers' personal data without the consent of Runners/Customers in accordance with applicable law.
9.2 To serve the purposes stated in Article 6 of this Personal Data Protection Policy, and with agreements made with related parties regarding the obligation to protect Runners/Customers' data and compliance with privacy rights regarding the data and with the consent of Runners/Customers, DHA may share or provide/use Runners/Customers' personal data to/with related parties, including:
- 9.2.1. DHA's employees and agents to serve the purposes stated in the Personal Data Protection Policy;
- 9.2.2. External recipients of DHA, including partners/subcontractors of partners, DHA's subsidiaries/affiliates, and any or all trusted partners cooperating with DHA with whom DHA has agreements regarding the obligation to protect Runners/Customers' data and comply with privacy rights concerning the data, to serve the purposes stated in this Personal Data Protection Policy;
- 9.2.3 Partners with whom DHA signs distribution or cross-selling agreements (DHA as the distributor or cross-seller of the partner) to provide cross-sold products as per Runners/Customers' needs;
- 9.2.4 Third-party service providers to help DHA operate its business, websites, applications, or devices, provide Runners/Customers with selected products, services, programs, or manage activities on behalf of DHA, such as sending newsletters or surveys, etc.;
- 9.2.5 If Runners/Customers perform payment services, registrations via websites, applications, or direct payments to DHA, their personal data may need to be provided to third parties (e.g., payment service providers, data management service companies) to support those services;
- 9.2.6 In the event of a proposed or completed sale, merger, or transfer of all or part of DHA's business or assets (including in the event of reorganization, dissolution, liquidation, or restructuring, or change of control), DHA may provide Runners/Customers' personal data to the potential seller or buyer, or their representatives, provided that DHA has taken reasonable and lawful steps to ensure the safety and security of Runners/Customers' personal data;
- 9.2.7 Competent state authorities in accordance with the law and/or when permitted by law.
Article 10. Third-Party Services
10.1. Runners/Customers may see advertisements or other content on any website, application, or device that may link to the websites or services of DHA's partners, advertisers, sponsors, or other third parties.
10.2. DHA does not control the content or links appearing on third-party websites or services, and DHA is not responsible for the activities employed by the websites or services of third parties linked to or from any website, application, or device.
10.3. These websites and services may be subject to the privacy policies and terms of use of the third party.
Article 11. Direct Marketing to Customers
11.1. As stated in this Personal Data Protection Policy and in compliance with the requirements of applicable law, DHA, its direct marketing partners, or its service providers, may contact Runners/Customers via email, text message, or other electronic means at any time to provide Runners/Customers with information related to products, services, and programs that may interest them.
11.2. If Runners/Customers wish to unsubscribe from these notifications, they may use the unsubscribe instructions provided by DHA in each notification. Additionally, Runners/Customers can use the unsubscribe features provided through DHA’s websites and applications.
11.3. In the event Runners/Customers unsubscribe from marketing or advertising information, DHA may continue to contact Runners/Customers to follow their instructions, facilitate any purchases Runners/Customers request, send transaction messages, manage their accounts, or as required or permitted by applicable law.
Article 12. Use of Cookies
12.1 When Runners/Customers use or access DHA’s websites, DHA may place one or more cookies on their device.
12.2 A “cookie” is a small file placed on the device of Runners/Customers when they visit a website. It records information about their device, browser, and in some cases, their preferences and browsing habits. DHA may use this information to recognize Runners/Customers when they return to DHA’s websites, provide personalized services on DHA’s websites, aggregate analytical statistics to better understand website activity, and improve DHA’s websites. Runners/Customers can use their browser settings to delete or block cookies on their device.
12.3 However, if Runners/Customers decide not to accept or block cookies from DHA’s websites, they may not be able to fully utilize all the features of DHA’s websites.
12.4 DHA may process Runners/Customers' personal data through cookie technology, in accordance with the provisions of this Personal Data Protection Policy. DHA may also use remarketing measures to deliver advertisements to individuals previously known to have visited its websites.
12.5 To the extent that third parties have embedded content on DHA’s websites (e.g., social media features), those third parties may collect personal data of Runners/Customers (e.g., cookie data) if Runners/Customers choose to interact with the third party's content or use third-party services.
Article 13. Data Retention
DHA will only retain Runners/Customers' personal data for as long as necessary for the purposes stated in this Personal Data Protection Policy. DHA may also need to retain Runners/Customers' personal data for a period or duration prescribed by applicable law.
Article 14. Data Security, Risk Prevention, and Unintended Consequences
14.1. Runners/Customers understand that the provision and consent for DHA to use their personal data will always involve potential risks due to system errors, transmission issues, force majeure events, viruses, cyber-attacks, or hardware/software malfunctions, actions by Runners/Customers or any other third party that may affect the provision and processing of their personal data. Risks may arise such as Runners/Customers' personal data being used for unintended purposes or beyond DHA's and Runners/Customers' control.
14.2. DHA always strives to ensure security, safety, compliance with the law, and to limit any unwanted consequences or damages that may occur.
14.3. DHA will perform its responsibilities to protect personal data as required by applicable law with the best security measures in accordance with the law and regularly review and update management and technical measures when processing Runners/Customers' personal data (if any).
Article 15. Acceptance of Personal Data Protection Policy
15.1. By registering, paying fees, or using any product, service, program, website, application, or device, Runners/Customers are deemed to have accepted this Personal Data Protection Policy.
15.2. In the event Runners/Customers do not accept the terms or withdraw their consent for the processing of their personal data for the purposes stated in this Personal Data Protection Policy, such withdrawal may limit, restrict, suspend, cancel, prevent, or prohibit the provision of DHA’s products, services, programs, features on websites, applications, or devices, as applicable. DHA will not be liable for any loss incurred by Runners/Customers, and DHA's legal rights will be expressly reserved concerning such limitations, restrictions, suspensions, cancellations, prevention, or prohibitions.
Article 16. Updates and Modifications to the Personal Data Protection Policy
16.1 DHA reserves the right to change, modify, adjust, supplement, or update this Personal Data Protection Policy at any time.
16.2 Notifications of any modifications will be posted on DHA’s website and/or other communication methods deemed appropriate by DHA.
16.3 DHA recommends that Runners/Customers carefully read this policy and regularly check DHA's website and other methods such as email, DHA’s mobile application, mobile subscriber messages, or other methods deemed reasonable by DHA to update any changes that DHA may make to this policy and always stay informed about how DHA is protecting Runners/Customers' personal data.
16.4 Runners/Customers' registration, fee payment, or continued use of websites, applications, or devices shall be considered as continued use of DHA's services and acceptance of this Personal Data Protection Policy and its related amendments and supplements.