PRIVACY POLICY 

(Last Updated Date: 23/01/2025) 

1. GENERAL TERMS
1.1. This Privacy Policy (“Policy”) describes how We Process Your Personal Data when You interact with Us, such as when You:
1.1.1. Access the website [https://reviewthue.com/] (hereinafter referred to as the “Website”);
1.1.2. Fill out and submit forms on the Website;
1.1.3. Enter into a Contract and use Our Services; or
1.1.4. Interact with Us in any other manner, whether through the Website or Third-Party Platforms;
(hereinafter collectively referred to as “Interacts” or “Interactions”).
1.2. In this Policy, certain terms and phrases are defined as follows:
1.2.1. “Personal Data” shall mean information in the form of symbols, letters, numbers, images, sounds, or similar formats in an electronic environment associated with a specific individual or capable of identifying a specific individual. The processing of Personal Data is carried out in accordance with the Privacy Policy and applicable Laws.
1.2.2. “Data Subject” or “Subject” shall mean the individual to whom the Personal Data relates.
1.2.3. “Processing of Personal Data” or “Processing” shall refer to one or more activities performed on Personal Data, such as: collecting, recording, analyzing, verifying, storing, modifying, disclosing, combining, accessing, retrieving, recovering, encrypting, decrypting, copying, sharing, transmitting, providing, transferring, deleting, destroying Personal Data, or any other related actions.
1.2.4. “Vietnamese Laws” or “Laws” shall mean all applicable terms and regulations of the laws of the Socialist Republic of Vietnam that are relevant to this Policy.
1.3. Unless otherwise specified in the context of this Privacy Policy:
1.3.1. References to a person include references to a business, firm, joint venture, unincorporated organizations, individuals, a state, or an agency of a state, whether or not having legal personality.
1.3.2. Words denoting one gender include all other genders.
1.3.3. Words in the singular form include the plural and vice versa.
1.4. Any reference to a provision or document shall include references to its respective amendments or replacements.
1.5. Words and phrases not defined in this Policy shall have the meanings as prescribed in the Terms And Conditions. If not defined in the Terms And Conditions, their meanings shall be determined in accordance with the Laws.
1.6. When You provide Personal Data to Us, regardless of whether You are the Data Subject or not, You and the Data Subject agree, represent, warrant, and take responsibility that:
1.6.1. The Personal Data is complete, accurate, truthful, and lawful. You shall notify Us of any changes to the Personal Data You provide. We have no obligation or responsibility to assess or verify the completeness, accuracy, truthfulness, or lawfulness of the Personal Data and shall be exempt from any liability related to Your failure to inform Us of any changes to the Personal Data You provide.
1.6.2. The Data Subject has lawfully and validly consented to Our Processing of Personal Data in accordance with this Policy and possesses lawful and valid evidence to prove such consent. We have no obligation or responsibility to assess or verify the legality or validity of the Data Subject’s consent or the related evidence.
1.6.3. You shall not provide Us with the Personal Data of individuals under 18 years old and/or individuals who do not have full civil act capacity.
1.6.4. You and the Data Subject shall protect and hold Us and Our personnel harmless from any harm. Additionally, You and the Data Subject agree to fully indemnify Us for all damages (including attorney fees) incurred due to any claims, lawsuits, or disputes arising from or related to Your and/or the Data Subject’s failure to comply with this provision.
1.7. The processing of Your Personal Data by payment service providers or Third-Party Platforms is carried out in accordance with the terms and conditions of the respective payment service providers or Third-Party Platforms, which are outside of Our control. You agree that We shall not be held responsible for any issues related to this processing.
1.8. This Privacy Policy may be updated, amended, supplemented, or replaced by Us from time to time and will be posted on Our Website. You should regularly visit and check Our Website to stay updated on the latest changes.

2. TYPES OF PERSONAL DATA PROCESSED
We collect the following Personal Data provided by You and/or the Data Subject:
2.1. Basic Personal Data:
2.1.1. Full name, middle name, and any other name used (if applicable);
2.1.2. Phone number;
2.1.3. Account information on Third-Party Platforms (including accounts such as Zalo, Facebook, email) used by You and/or the Data Subject to Interact with Us.
2.2. Sensitive Personal Data: Information about bank account details.

3. PURPOSE OF PROCESSING PERSONAL DATA
3.1. We process the Basic Personal Data as per Clause 2.1 for one or more of the following purposes:
3.1.1. Processing Purchase Orders or information provided by You and/or the Data Subject through forms on the Website, including but not limited to:
3.1.1.1. Notifying You of the receipt of a Purchase Order or information submitted via the form on the Website;
3.1.1.2. Contacting and communicating regarding the Purchase Orders and/or Service requests;
3.1.1.3. Evaluating and notifying about the acceptance or rejection of the Purchase Order.
3.1.2. Performing the Contract with You and/or the Data Subject, including but not limited to:
3.1.2.1. Contacting and communicating regarding the Contract;
3.1.2.2. Processing Orders, providing Services under the Contract;
3.1.2.3. Exercising rights, obligations, and other responsibilities under the Contract;
3.1.2.4. Resolving requests, complaints, and disputes arising from or related to the Contract;
3.1.2.5. Performing customer care and support activities.
3.1.3. Requesting the Data Subject to verify their identity before processing any request to exercise the Data Subject’s rights.
3.1.4. Serving Our business operations, including but not limited to fulfilling obligations related to analysis, reporting, finance, accounting, and tax, auditing, compliance activities, and other activities required for Our legitimate business operations in cases where We deem necessary or as required by the Laws.
3.1.5. Advertising and marketing at different times, including but not limited to:
3.1.5.1. Statistical analysis of data for research, development, and improvement of Services and/or the Website; enhancing customer experience;
3.1.5.2. Developing and providing personalized new products and services based on customer needs and actual conditions;
3.1.5.3. Creating marketing and advertising campaigns for products and services, including building campaigns based on customer preferences and executing those campaigns.
3.1.6. Complying with the Laws and international treaties to which Vietnam is a member, including but not limited to:
3.1.6.1. Providing data to relevant government authorities;
3.1.6.2. Fulfilling legal obligations and international treaty requirements that We shall comply with (if applicable).
3.1.7. Other purposes with the consent of the Data Subject at specific times.
3.2. We Process sensitive Personal Data as outlined in Clause 2.2 for the purpose of refunding the Customer and/or Data Subject in the event that We do not accept a Purchase Order under the T&C.

4. METHODS OF PROCESSING PERSONAL DATA
4.1. Methods of collecting Personal Data:
4.1.1. Provided voluntarily by You and/or the Data Subject when Interacting with Us;
4.1.2. Displayed by a Third-Party Platform when We contact You and/or the Data Subject through that Third-Party Platform;
4.1.3. Provided by an individual, agency, or organization with legal authority.
4.2. Methods of storing Personal Data:
4.2.1. Personal Data is stored within Vietnam in Our database system or at any location where We or Our branches, affiliates, subsidiaries, partners, or service providers have facilities.
4.2.2. The storing period of Personal Data is determined based on the Processing purposes specified in this Policy and in compliance with the Laws.
4.3. Methods of analyzing Personal Data: Personal Data is analyzed according to Our internal procedures, with principles of data protection and data security applied to Our IT system.
4.4. Methods of encrypting Personal Data: When necessary, collected Personal Data is encrypted according to appropriate encryption standards during Processing to ensure its protection.
4.5. Methods of sharing/transmitting/providing/transferring Personal Data:
4.5.1. We do not buy or sell Personal Data in any form.
4.5.2. Personal Data may be shared/transmitted/provided/transferred to:
4.5.2.1. Our parent company, subsidiaries, and affiliates;
4.5.2.2. Individuals or organizations related to the Processing purposes outlined in this Policy;
4.5.2.3. Individuals, agencies, or organizations with legal authority under applicable Laws;
4.5.2.4. Other cases as required by the Laws.
4.5.3. We use necessary protective measures to ensure the secure sharing/transmitting/providing/transferring of Personal Data.
4.5.4. If the recipient of Personal Data is located outside Vietnam, when transferring Personal Data abroad (including but not limited to activities involving cyberspace, electronic devices, or other methods to transfer Personal Data outside Vietnam), We will require the receiving party to ensure the protection of Personal Data. We are committed to complying fully with the regulations and requirements of the Laws to safeguard Personal Data.
4.6. Methods of deleting Personal Data:
In accordance with Laws or valid requests from the Data Subject, We will delete Personal Data that We are Processing, except in the following cases:
4.6.1. The Laws prohibit deletion or require Personal Data to be retained;
4.6.2. Personal Data is processed by a competent state authority for its official purposes under the Laws;
4.6.3. Personal Data has been made public under the Laws;
4.6.4. Personal Data is processed for legal purposes, scientific research, or statistical purposes as regulated by the Laws;
4.6.5. In emergency situations related to national defense, national security, social order, major disasters, dangerous diseases; when there is a risk to national security but does not yet warrant declaring a state of emergency; to prevent riots, terrorism, crime, and violations of the Laws; or
4.6.6. To respond to an emergency situation that threatens the life, health, or safety of the Data Subject or another individual.

5. OTHER ORGANIZATIONS AND INDIVIDUALS RELEVANT TO THE PURPOSE OF DATA
PROCESSING
5.1. Depending on the case, We may be the Personal Data controller or both the Personal Data controller and Processor.
5.2. To the extent permitted by the Laws, You and the Data Subject, understand that we may share Personal Data for purposes outlined in this Privacy Policy with the following organizations or individuals:
5.2.1. Our parent company, subsidiaries, and affiliates;
5.2.2. Organizations and individuals providing services and/or collaborating with Us, including but not limited to: agents, auditors, lawyers, business partners, providers of IT solutions, software, applications, operational services, management, troubleshooting, and infrastructure development;
5.2.3. Any individual or organization acting as a representative or authorized agent of the Data Subject, acting on behalf of the Data Subject;
5.3. The sharing of Personal Data will be conducted in accordance with the procedures, methods, and current Laws. The recipients of the Personal Data are obliged to protect and safeguard the Personal Data in accordance with this Policy, our internal regulations, our standards for Personal Data protection, and the applicable Laws.
5.4. We may be required to share Personal Data with individuals, agencies, or organizations with legal authority as required by the Laws.

6. UNEXPECTED CONSEQUENCES AND DAMAGES THAT MAY OCCUR
6.1. We use various protective and security technologies such as firewalls, access control measures, encryption, etc., to protect and prevent unauthorized access, use, or sharing of Personal Data. However, We cannot guarantee absolute safety of Personal Data in certain cases, such as:
6.1.1. Hardware or software errors during Processing that result in the loss of the Data Subject’s Personal Data;
6.1.2. Security vulnerabilities beyond our control, where the system is attacked by hackers, causing the exposure or leakage of Personal Data.
6.2. The Data Subject should be aware that at any point when they disclose or make their Personal Data public, it may be collected and used by others for purposes beyond the control of the Data Subject or Us.
6.3. In the event that the data storage server is attacked, resulting in the loss or exposure of Personal Data, We are responsible for reporting the incident to the relevant authorities for timely investigation and notifying the Data Subject in accordance with the Laws.
6.4. Cyberspace is not an absolutely secure environment, and We cannot guarantee that Personal Data shared over the internet will always be protected or secured. When transmitting Personal Data through cyberspace, the Data Subject should use secure systems to access the Website and/or Third-Party Platforms.

7. START DATE AND END DATE OF PERSONAL DATA PROCESSING
7.1. Personal Data is processed from the moment We receive the Personal Data legally, and We have the appropriate legal basis to process it in accordance with the Laws.
7.2. Personal Data will be processed until the Processing purposes are completed.
7.3. We may be required to store Personal Data even after the Contract between the parties has been terminated to fulfill legal obligations and/or requirements from competent state authorities.

8. RIGHTS AND OBLIGATIONS OF THE DATA SUBJECT
8.1. Rights of the Data Subject
8.1.1. The Data Subject has the following rights:
8.1.1.1. The right to be informed about the Processing activities of their Personal Data, except where otherwise provided by the Laws;
8.1.1.2. The right to consent or not consent to the Processing of their Personal Data, except where otherwise provided by the Laws;
8.1.1.3. The right to access, review, or request corrections to their Personal Data, except where otherwise provided by the Laws;
8.1.1.4. The right to withdraw consent, except where otherwise provided by the Laws;
8.1.1.5. The right to delete their Personal Data or request its deletion, except where otherwise provided by the Laws;
8.1.1.6. The right to request the restriction of the Processing of their Personal Data, except where otherwise provided by the Laws;
8.1.1.7. The right to request the provision of their Personal Data, except where otherwise provided by the Laws;
8.1.1.8. The right to object to the Processing of their Personal Data to prevent or restrict disclosure of Personal Data or its use for advertising or marketing purposes, except where otherwise provided by the Laws;
8.1.1.9. The right to file complaints, report, or initiate legal action according to the Laws;
8.1.1.10. The right to request compensation for damages in accordance with the Laws if there is a violation of the protection of their Personal Data, except where otherwise agreed by the parties or as provided by the Laws;
8.1.1.11. The right to protect themselves or request the competent authorities or organizations to take measures to protect their civil rights according to the Laws.
8.1.2. The Data Subject can exercise these rights by contacting Us directly.
8.1.3. We will process the Data Subject’s requests in accordance with the Laws, taking into account the legitimate rights of the Data Subject. However, if the Data Subject withdraws their consent, requests the deletion of Personal Data, or exercises other related rights that affect the ability to provide Services or maintain the Contract, We may consider and decide whether to continue providing Services or terminate the Contract. Actions taken by the Data Subject under this provision will be considered as unilateral termination by the Data Subject of any relationship between the Data Subject and Us, which may lead to a violation of the obligations or commitments under the Contract, and We reserve our rights and legal remedies in such cases. In such cases, We will not be liable for any damages (including, but not limited to, direct, indirect, incidental, special, punitive, or consequential damages, or any other damages) regardless of the form of legal action or legal theory applied (including, but not limited to, torts, contracts, warranties, negligence), even if We were advised, aware, or should have been aware of the possibility of such damages. Our legitimate rights and interests will remain fully protected. We will make reasonable efforts to process the legitimate and valid request from the Data Subject within the time frame stipulated by the Laws.
However, for protection and security purposes, We may request the Data Subject to verify their identity before processing their request.
8.1.4. We have the right to refuse to fulfill the Data Subject’s requests in certain cases, including but not limited to:
8.1.4.1. The Data Subject does not follow the procedure or guidelines we provide, or the request is incomplete or invalid;
8.1.4.2. The Data Subject fails to provide complete documentation or provides incomplete documentation for identity verification;
8.1.4.3. In cases where We assess that there are signs of fraud or violations regarding the protection or security of Personal Data; or
8.1.4.4. The Law does not permit Us to fulfill the request of the Data Subject.
8.2. Obligations of the Data Subject
8.2.1. To protect their Personal Data and require other relevant organizations or individuals to protect their Personal Data.
8.2.2. To promptly notify us when discovering any errors, mistakes, leaks, or suspicion of Personal Data being compromised.
8.2.3. To respect and protect the Personal Data of others.
8.2.4. To provide complete and accurate Personal Data when consenting to the processing of Personal Data. If there is any inaccurate information, the Data Subject will bear the costs if such inaccuracies affect or limit their rights.
8.2.5. To comply with legal regulations on Personal Data protection and participate in preventing violations of Personal Data protection regulations.

9. MISCELLANEOUS
9.1. From time to time, We may update this Privacy Policy to reflect changes in Our activities and services. When We post changes to this Privacy Policy, We will update the Last Updated Date at the beginning. If We make any significant changes in the Personal Data being processed, the purposes of processing Personal Data, or how Personal Data is processed, such as collection, use, and sharing, We will notify you by posting a clear notice of these changes on Our Website and/or sending it to the contact information You have provided to Us, at our discretion, so that You can exercise Your rights if necessary according to the Laws. We recommend that You periodically review this page for updates to this Privacy Policy.
9.2. You and the Data Subject confirm that by Interacting with Us and/or providing Your Personal Data to us in any form, You and the Data Subject agree to the entire Privacy Policy and any updates (if applicable) from time to time. If You do not agree with part or all of this Policy, please refrain from Interacting and/or providing Personal Data to Us in any form.
9.3. By agreeing to this Privacy Policy under Clause 9.2, You confirm that You have:
9.3.1. Agreed to allow your Personal Data to be Processed by Us and organizations or individuals involved in the Processing of Personal Data as stated in this Privacy Policy;
9.3.2. Acknowledged the types of Personal Data being Processed, the purposes of Processing Personal Data, the organizations or individuals Processing Personal Data, and Your rights and obligations concerning Your Personal Data;
9.3.3. Been notified, acknowledged, and agreed to all necessary information to be notified before Your Personal Data is Processed by Us and any organization or individual involved in the Processing; and
9.3.4. Agreed that We and the organizations or individuals involved in the Processing of Personal Data do not need to notify again before Processing your Personal Data.
9.4. If You have any questions about how We protect Your Personal Data, please contact Us directly.

COOKIE POLICY

(Last Updated Date: 23/01/2025)

1. WHAT IS A COOKIE?
1.1. A cookie is a small data file placed on Your computer or mobile device when You access the Website. We use cookies to collect information including but not limited to user identification codes, browser and device characteristics, access time, and interactions (for clarification, this information is not tied to a specific person and does not help identify an individual) in order to improve the performance of the Website, enhance Your browsing experience, protect the Website from spam robots, and provide reporting information for Our legitimate business operations.
1.2. Cookies perform various functions, such as allowing You to navigate between pages efficiently, remembering Your preferences, and generally improving the user experience. Cookies can inform Us of details such as whether You have visited the Website before or whether You are a new visitor. Cookies can also help ensure that the advertisements You see are more relevant to You and Your preferences.
1.3. There are 02 main types of cookies:
1.3.1. First-party cookies, which We store directly on Your device.
1.3.2. Third-party cookies, which are stored by a third party on Our behalf.
1.4. Cookies may remain on Your computer or mobile device for varying periods of time. Some cookies are session cookies, meaning they only exist while Your browser is open. They will be automatically deleted after You close Your browser. Other cookies are “persistent cookies”, meaning they remain after You close Your browser. They can be used by the Website to recognize Your computer when You reopen the browser and browse the Internet again.

2. WHAT TYPES OF COOKIES ARE WE USING?
The Website uses the following cookies:

3. HOW TO CONTROL OR DELETE COOKIES
3.1. You have the right to choose whether to accept cookies or not, and We explain how You can exercise this right below. However, please note that if You choose to refuse cookies, You may not be able to use all the features of the Website.
3.2. You can change Your cookie settings at any time by clicking the cookie customization button on the Website.
3.3. Alternatively, you can block all cookies by activating the settings on Your browser that allow You to refuse the installation of all or some cookies. However, if You use Your browser settings to block all cookies (including essential cookies), you may not be able to access all or part of our Website.
3.4. If You accept some or all cookies on this Website, You still have the option to set Your browser to notify You when You receive a cookie, so You can decide whether to accept it.

4. COOKIES THAT HAVE BEEN SET IN THE PAST
If You have turned off one or more cookies, We may still use the information collected from the cookies before Your opt-out option was set; however, We will stop using the disabled cookies to collect further information.

5. CHANGES TO THIS POLICY
From time to time, We will update this Cookie Policy to reflect changes in Our practices and business activities. When We post changes to this Cookie Policy, We will revise the “Last Updated Date” at the top of this page. If We make any significant changes in how We collect, use, and/or share information stored in cookies, We will notify You by posting a prominent notice about the changes on the Website. We encourage you to periodically check this page for any updates to this Cookie Policy or any other policies of Ours.