AGREEMENT ON PROTECTION AND PROCESSING OF PERSONAL DATA (CUSTOMER)

AGREEMENT ON PROTECTION AND PROCESSING OF PERSONAL DATA (CUSTOMER)
(According to Decree No. 13/2023/ND-CP of the Government on Personal Data Protection, effective from July 1, 2023)

This Agreement is made and signed on …/…/… between ezCloud Global Technology Company Limited (“ezCloud”) and Company/Hotel ………………………….. represented by Mr./Ms. ……………………… (according to Authorization No. ……) (“Provider”)
ezCloud and the Provider voluntarily agree to comply with the regulations on protection of Personal Data with the following terms:

AGREEMENT ON PROTECTION AND PROCESSING OF PERSONAL DATA (CUSTOMER)
(According to Decree No. 13/2023/ND-CP of the Government on Personal Data Protection, effective from July 1, 2023)

This Agreement is made and signed on …/…/… between ezCloud Global Technology Company Limited (“ezCloud”) and Company/Hotel ………………………….. represented by Mr./Ms. ……………………… (according to Authorization No. ……) (“Provider”)
ezCloud and the Provider voluntarily agree to comply with the regulations on protection of Personal Data with the following terms:

Article 1: Definitions

1. “Contract” is a general term referring to orders, proposals, requests, information requests, and agreements between the Supplier and ezCloud, including records, agreements, appendices, and documents related to those Contracts. These may be contracts for the sale of goods, provision of services, cooperation agreements, or other types of contracts.

2. “Personal Data” refers to information in the form of symbols, letters, numbers, images, sounds, or similar formats in an electronic environment associated with or used to identify a specific individual. The Personal Data referred to in this Agreement includes any Personal Data that ezCloud obtains from the Supplier, which may include the Supplier’s own data or the Personal Data of other individuals legally collected and permitted by the Supplier to be transferred to ezCloud to fulfill the work specified in the Contract(s) between ezCloud and the Supplier.

3. “Data Protection Law” means all laws and regulations on the protection of Personal Data or privacy rights applicable to the processing of Personal Data in Vietnam, including but not limited to the National Security Law 2004, Cybersecurity Law 2018, Decree No. 13/2023/ND-CP on Personal Data Protection, and any amendments, supplements, or replacements thereof.

4. “ezCloud” includes its employees, subsidiaries, parent companies, and related companies.

5. The terms “Personal Data,” “data subject,” “processing of Personal Data,” “controller,” and “controller and processor” used in this Agreement have the meanings as defined in Decree No. 13/2023/ND-CP on Personal Data Protection and any amendments or supplements thereto (if any).

Article 2: Consent Content

1. The parties acknowledge and agree that: (i) ezCloud may act as a Data Controller, Data Processor, or both depending on the specific case; (ii) the Supplier may act as a data subject, a Data Controller, or both depending on the specific case; and (iii) each party shall comply with its obligations under the applicable Data Protection Law regarding the processing of Personal Data.

2. The Supplier confirms and agrees that ezCloud is permitted to collect the Supplier’s Personal Data (directly or indirectly) from various data sources, including but not limited to:
   
   (i) Information provided by the Supplier (verbally or in writing) when using products/services, executing the Contract, registering an account on the ezCloud website (ezcloud.vn);
   
   (ii) From government agencies, vendors, service providers, ezCloud’s partners, and other third parties, including HR consulting services, banks, credit institutions, employment organizations, relatives of the Supplier, etc.;
   
   (iii) From publicly available sources;
   
   (iv) Through cookies or other monitoring tools generated by websites the Supplier visits.
   
   The Supplier may refer to ezCloud’s Privacy Policy at https://ezcloud.vn/chinh-sach-bao-mat.html for more information.

3. The Supplier agrees that ezCloud has the right to process the Supplier’s Personal Data, including both basic and sensitive Personal Data, and any updated, modified, or supplemented data. This includes:

   • Basic Personal Data: Full name, date of birth, gender, place of birth, permanent and contact addresses, nationality, images, phone number, email, ID card/citizen ID/passport/other identity documents, information about family relationships, account numbers, data reflecting online activities, and other information associated with or identifying a specific individual, as well as data as required by law.

   • Sensitive Personal Data: Health and private life information, race, ethnicity, genetic traits, physical attributes, biometric information (fingerprints), employment status, criminal records, customer information held by credit institutions, foreign bank branches, or other licensed entities such as account information, deposits, assets, transactions, guarantors, location data determined via GPS, and other legally defined sensitive data requiring confidentiality.

4. The Supplier agrees and acknowledges that their Personal Data may be processed for one or more of the following purposes:

   • Authentication and identification of the Supplier, reviewing or processing requests/transactions between the Supplier and ezCloud, evaluation for contract execution;

   • Management, operation, provision, and/or administration of services, software, or access to ezCloud’s website and contract implementation;

   • Communication, notifications, marketing, and provision of product/service information (including third-party products/services ezCloud collaborates with), existing or future promotions, and customer support;

   • Research, analysis, and development of services (including statistics, data analysis, surveys, reports, product/service development) to improve service quality and user experience;

   • Maintaining and administering software updates and other system updates necessary for smooth ezCloud operations;

   • Receiving and responding to inquiries, handling requests or complaints;

   • Risk control and management, fraud prevention, investigation of misconduct, dispute resolution, legal proceedings;

   • Issuance of invoices and documents per legal regulations;

   • Ensuring public safety, occupational safety, personal safety, rights, and assets of others;

   • Compliance with ezCloud system security and Personal Data protection requirements;

   • Auditing ezCloud’s services or business operations;

   • Fulfilling legal obligations or requests from competent state authorities;

   • Other related purposes in line with ezCloud’s operations, management, and legal compliance.

   Some purposes for collecting, using, disclosing, or processing personal data depend on the context at the time of collection and may not be listed above. ezCloud will inform the Supplier of such purposes when consent is required, unless legally exempt.

5.  In order to carry out the purposes of processing personal data as prescribed in Clause 3 of this Article, the Provider agrees, allows and authorizes ezCloud to provide the Provider’s personal data to any or all of the following entities (as determined by ezCloud in each specific case, in accordance with the agreement in this Clause) and these entities are entitled to process the Provider’s personal data without any further consent or confirmation from the Provider (except in cases where ezCloud requires otherwise): (i) ezCloud; (ii) companies and/or organizations, individuals who are service providers, agents, partners, contractors, associates with ezCloud and/or professional consultants and advisors of ezCloud; (iii) competent authorities in Vietnam, organizations or persons requesting information in accordance with Vietnamese law; (iv) Transferees in the event of a merger, divestment, restructuring, reorganization, dissolution or sale or transfer of part or all of ezCloud’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceedings; (iv) Other related parties that ezCloud deems necessary to provide products/services, protect the legitimate rights and interests of ezCloud, of the Supplier under the Contract or ezCloud assesses that there is a legal basis to provide personal data of the Supplier.

6.  The Supplier agrees that the Supplier’s Personal Data is processed by any method according to ezCloud’s policy from time to time depending on each product, service, Purpose, including but not limited to, collecting, recording, analyzing, confirming, storing, editing, combining, accessing, retrieving, recalling, encrypting, decrypting, copying, sharing, transmitting, providing, transferring, using cyberspace, devices, electronic means or other forms to transfer Personal Data domestically and/or abroad, deleting, destroying and other related actions.

7. The Provider agrees that Personal Data may be transferred, stored, processed in Singapore, where ezCloud’s servers, ezCloud’s central location and database are operated, or will be transmitted to the United States where Google’s servers are located (because ezCloud’s website uses Google Analytics)

8. The Provider understands and agrees that the Provider’s exercise of the rights specified in Article 3 of this Agreement may affect ezCloud’s ability to provide services under the Contract and result in: (i) inability to use the service, or (ii) only partial use of the service, or (iii) use of the service with undesirable quality, or (iv) not being informed of information about products/services or promotional programs, or (v) causing the Contracts between the parties to be interrupted or terminated. Therefore, ezCloud may request the Provider to withdraw these requests.

Article 3. Rights and obligations of the Provider regarding the processing of Personal Data
1. The Provider has the right to know, consent, provide, access, edit, delete Personal Data, withdraw consent to the processing of Personal Data, request restriction or object to the processing of its Personal Data, the right to complain, denounce, initiate a lawsuit, the right to request compensation for damages and the right to self-defense, unless otherwise provided by law. The withdrawal of consent will not affect the legality of the data processing agreed upon before the withdrawal of consent

2. The Provider may exercise its above rights by sending a legally signed document by post to the head office address of ezCloud, or by email to hotro@ezcloud.vn.

3. Self-protect its Personal Data; request other relevant organizations and individuals to protect its Personal Data.

4. The Provider shall provide ezCloud with Personal Data that is lawful, complete, accurate and up to date at the time of provision.

5. The Provider’s instructions regarding the processing of Personal Data shall be consistent with the terms of the Contract and in compliance with all applicable Data Protection Laws, including the appointment of ezCloud as another processor, as authorized by the relevant controller. The Provider shall be responsible for the legality of the Personal Data and the manner in which the Provider receives the Personal Data. ezCloud shall not be required to comply with or follow the Provider’s instructions if such instructions violate the Data Protection Laws.

6.The Provider shall have other rights and obligations as prescribed by law.

Article 4. Other commitments on processing Personal Data
In the process of processing Personal Data, ezCloud and related parties commit to apply necessary and appropriate technical, security and confidentiality measures to protect the Personal Data of the Provider in accordance with Vietnamese law; fully comply with this Personal Data Protection Agreement and the Contracts with the Provider. However, the Provider understands and acknowledges that no technical system or security or confidentiality measure is absolutely safe and online transactions, cyberspace and other forms of processing Personal Data always have potential risks, including but not limited to data leakage, dissemination, exploitation, appropriation or misuse. The Provider exempts ezCloud from all obligations and responsibilities for risks that may occur during the process of processing personal data due to objective reasons beyond the control of ezCloud.

Article 5. Time of commencement and termination of processing of Personal Data
ezCloud begins to perform Personal Data processing activities from the time it is provided and/or becomes aware until (i) the Contract with the Provider expires, or (ii) the Provider stops using ezCloud’s products/services, (iii) the Purpose of Data Processing is completed or is no longer necessary, or (iv) receives a written request to terminate data processing from a competent state agency, or (v) the Provider decides to withdraw consent after the Provider has completed the procedures prescribed by law, and/or (vi) ezCloud’s applicable policies at each time.

Article 6. Declaration of the Provider
1. The Provider voluntarily agrees and understands the contents stipulated in each Clause of this Agreement.

2. In case the Provider is the Controller or the Controller and Processor of Personal Data, the Provider ensures that:

The Provider has received the explicit consent (in accordance with the provisions of the Data Protection Law) of the data subject for all activities of collecting, using data and providing information to ezCloud;
The Provider has notified and received the explicit consent (in accordance with the provisions of the Data Protection Law) of the data subject that Personal Data may be processed outside their country of origin
The data subject has clearly known and fully agreed to the processing of Personal Data and the contents stipulated in Article 2 of this Agreement before agreeing to the Provider to collect Personal Data, in accordance with the provisions of this Agreement and the Data Protection Law.
Established a record of the impact assessment of Personal Data processing on Personal Data, assessed the impact of transferring Personal Data abroad in accordance with the provisions of Decree 13 and the guidance of the Ministry of Public Security in each period (if any).
Stored evidence proving the consent of the data subject as prescribed in this clause and provided this evidence upon request of ezCloud.

3. The Supplier guarantees and compensates ezCloud for damages caused by the Supplier’s failure to comply with the provisions of this Article.

Article 7: General provisions

1. This Agreement is an inseparable part of the Contract signed between the Supplier and ezCloud.

2. In the event that ezCloud provides Personal Data that ezCloud collects/holds to the Supplier, the Supplier commits to comply with the level of protection of Personal Data no lower than the level of protection that ezCloud has committed to in this document.

3. The Supplier agrees that ezCloud has the right to adjust, amend, supplement, replace the contents of the Personal Data Processing Agreement and publish or notify in a public form as follows: Publish, notify on the website: ezcloud.vn; and/or publish, notify in writing or email or in any other form that ezCloud deems appropriate. The Supplier is responsible for updating the Personal Data Processing Agreement from the publication channels, notification channels of ezCloud as prescribed in this clause and these adjusted, amended, supplemented, and replaced Agreements have the same legal value as when expressed in paper form, accordingly, the Supplier and ezCloud are responsible for implementation without having to make or conclude additional agreements in paper form.

The Personal Data Processing Agreements are adjusted, amended, supplemented, replaced and effective at the time of the information published, notified when ezCloud publishes, notifies as prescribed in this Clause. In case the Provider does not agree with the changes, the Provider must send a written notice to ezCloud.

4. In case of any conflict or inconsistency regarding the protection and processing of personal data between this Agreement and the Contracts concluded/established before, on or after the date the Provider accepts this Agreement, this Agreement shall prevail.

5. The Provider clearly understands and agrees that this Agreement is also ezCloud’s notice of the processing of the Provider’s Personal Data and ezCloud does not need to send any other notice to the Provider regarding the processing of this information.

6. This Agreement shall be effective from the date of signing until terminated in accordance with Article 5.

7. This Agreement shall be interpreted and governed by the laws of Vietnam. In case of any disputes arising from and/or relating to this Agreement, such disputes shall be resolved at the competent People’s Court.