(According to Decree No. 13/2023/ND-CP of the Government on Personal Data Protection, effective from July 1, 2023)
This Agreement is made and signed on …/…/… by:
Full name:
ID card/CCCD/Passport number: …………………… date of issue…………………… place of issue………..
Permanent address: ………………………………………………………………………………
Phone number: …………………………………………………………………………………….
(hereinafter referred to as “the Provider”)
The Provider voluntarily agrees to comply with the regulations on Personal Data protection with the following terms:
Article 1: Definitions
“Contract” is a general term for contracts between the Supplier and ezCloud and/or minutes, agreements, appendices, documents related to such Contracts. It can be a labor contract, a probationary contract, other contracts, etc.
“Personal Data” is information in the form of symbols, letters, numbers, images, sounds or similar forms in the electronic environment associated with a specific person or helping to identify a specific person. Personal Data referred to in this Agreement is Personal Data of any data subject that ezCloud obtains from the Supplier, it can be the Personal Data of the Supplier itself, or Personal Data of other subjects that the Supplier has legally collected and is permitted to transfer and provide to ezCloud for ezCloud to perform the tasks stated in the Contract(s) between ezCloud and the Supplier.
“Data Protection Laws” means all laws and regulations on the protection of Personal Data or privacy applicable to the processing of Personal Data in Vietnam, including but not limited to the Law on National Security 2004, the Law on Cyber Security 2018; Decree No. 13/2023/ND-CP on the protection of Personal Data and their amendments, supplements and replacements.
“ezCloud” includes employees of ezCloud, its branches/parent companies/subsidiaries and related companies.
“Human resource activities” means the human resource work and activities that ezCloud performs for the Supplier, including but not limited to recruitment, signing and performing probationary contracts, signing and performing labor contracts, paying salaries, bonuses, allowances, benefits, training, appointment, transfer, dismissal, commendation, discipline, suspension, termination of labor contracts and performing other human resource work and activities. The terms “Personal Data”, “data subject”, “personal data processing”, “controller” and “controller and processor” used in this Agreement have the meanings as prescribed in Decree No. 13/2023/ND-CP on Personal Data protection and its amendments and supplements (if any).
Article 2. Contents of consent
1. The parties acknowledge and agree as follows: (i) ezCloud is the Data Controller or the Data Processor or the Data Controller and Processor, as the case may be; (ii) the Provider is the data subject or the Data Controller or the Data Controller and Processor, as the case may be; and (iii) each party shall comply with its obligations under the applicable Data Protection Law in relation to the processing of Personal Data.
2. The Provider acknowledges and agrees that ezCloud is permitted to collect the Provider’s Personal Data (directly or indirectly) from various data sources, including but not limited to: (i) from information provided by the Provider (orally, in writing) when being recruited, signing the Contract, during the course of working at ezCloud, or according to survey programs in which the Provider participates; (ii) from state agencies, suppliers, service providers, partners of ezCloud and other third parties, including but not limited to human resource service consultants, banks, credit institutions, employment organizations, relatives of the Provider, etc.; (iii) from publicly available information sources; (iv) through files created by the website that the Provider accesses (cookies) or similar monitoring devices/tools. The Provider can refer to better understand how to collect information on the ezCloud website at https://ezcloud.vn/chinh-sach-bao-mat.html
3. The Provider agrees that ezCloud has the right to process the Provider’s Personal Data, including basic Personal Data and sensitive Personal Data and data updated, modified, and supplemented at each time, including:
Basic Personal Data includes full name, date of birth, gender, place of birth, permanent address, contact address, nationality, image, phone number, email, ID card/citizen identification card/passport/other identification documents, information about family relationships, digital accounts, Personal Data reflecting activities, history of activities on cyberspace, other information and data associated with individuals or helping to identify a specific individual and other information and data as prescribed by law; and
Sensitive personal data includes health and privacy status, race, ethnicity, genetic characteristics, physical attributes, biometric information (fingerprints), employment status, data on crimes, criminal acts, customer information of credit institutions, foreign bank branches, payment intermediary service providers, other authorized organizations, including: account information, deposit information, deposit information, transaction information, information on organizations and individuals who are guarantors at credit institutions, bank branches, payment intermediary service providers; data on the location of individuals identified through positioning services, other data prescribed by law as specific and requiring necessary security measures
4. The Supplier agrees and confirms that the Supplier’s Personal Data is processed for one or more of the following Purposes:
Authentication, identification of the Supplier, assessment and appraisal for the purpose of concluding the Contract;
To serve the provision, operation, processing and management of ezCloud for human resources activities related to the Supplier, and to serve other purposes that ezCloud determines appropriate at each time;
To perform and comply with the Contract signed with the Supplier and carry out human resources activities to the Supplier;
To serve the inspection work of the State Bank, educational institutions, enterprises or other relevant agencies (if necessary);
To evaluate and/or process the Supplier’s request/proposal for any human resources activities (including but not limited to third-party products such as insurance policies, health care, etc.);
To provide/send information and documents related to human resources activities, serving the work specified in the Contract for the Supplier;
To enter and check the completeness and accuracy of the data the Supplier enters into the system
To survey and probe satisfaction to improve the quality of human resources activities;
To receive and contact to answer questions, handle requests and complaints;
To control, protect the rights of ezCloud, manage risks, prevent and investigate any fraud, illegal activities, omissions or wrongdoings, resolve disputes, carry out litigation activities;
To ensure public security and labor safety, protect personal safety, rights, property or safety of others;
To implement regulations related to protecting the security of ezCloud’s system and protecting the personal data of the Supplier;
Collecting statistics and researching internal reports in accordance with statutory and/or record-keeping requirements;
Serving ezCloud’s auditing, risk management and compliance activities;
To meet or comply with ezCloud’s internal policies and legal obligations or as required by competent State agencies;
Carrying out other purposes related to ezCloud’s business, operation, management and compliance in accordance with the provisions of law from time to time.
Some Purposes for collecting, using, disclosing or processing personal data depend on the circumstances at the time of collection, so they will not appear in the above list. However, ezCloud will notify the Provider of such Purposes at the time of requiring the Provider’s consent, unless the processing of personal data without the consent of the data subject is required by law.
5. In order to carry out the purposes of processing personal data as prescribed in Clause 3 of this Article, the Provider agrees, allows and authorizes ezCloud to provide the Provider’s personal data to any or all of the following entities (as determined by ezCloud in each specific case, in accordance with the agreement in this Clause) and these entities are entitled to process the Provider’s personal data without any further consent or confirmation from the Provider (except in cases where ezCloud requires otherwise): (i) ezCloud; (ii) companies and/or organizations, individuals who are service providers, agents, partners, contractors, associates with ezCloud and/or professional consultants and advisors of ezCloud; (iii) competent authorities in Vietnam, organizations or persons requesting information in accordance with Vietnamese law; (iv) The transferee in the event of a merger, divestment, restructuring, reorganization, dissolution or sale or transfer of part or all of ezCloud’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceedings; (iv) Other related parties that ezCloud deems necessary to serve human resources activities, provide products/services, protect the legitimate rights and interests of ezCloud, of the Supplier under the Contract or ezCloud assesses that there is a legal basis to provide personal data of the Supplier. 6. The Provider agrees that the Provider’s Personal Data will be processed by any method in accordance with ezCloud’s policy from time to time depending on each Purpose, including but not limited to, collecting, recording, analyzing, validating, storing, editing, combining, accessing, retrieving, recalling, encrypting, decrypting, copying, sharing, transmitting, providing, transferring, using cyberspace, devices, electronic means or other forms to transfer Personal Data domestically and/or abroad, deleting, destroying and other related actions.
7. The Provider agrees that Personal Data may be transferred, stored, processed in Singapore, where ezCloud’s servers, locations and central databases are operated, or will be transmitted to the United States where Google’s servers are located (because ezCloud’s website uses Google Analytics).
8. The Supplier understands and agrees that the Supplier’s exercise of the rights specified in Article 3 of this Agreement may result in the obligations that the Supplier must fulfill under the Contracts between the Supplier and ezCloud no longer being suitable/affecting the interests of ezCloud according to ezCloud’s assessment. The Supplier agrees that ezCloud can proactively choose to implement one of the following methods without any objection from the Supplier: (i) Stop performing/Terminate the validity of the Contracts between the Supplier and ezCloud without any liability; (ii) Agree to comply with the Supplier’s request; (iii) Request the Supplier to withdraw these requests.
Article 3. Rights and obligations of the Provider regarding the processing of Personal Data
1. The Provider has the right to know, consent, provide, access, correct, delete Personal Data, withdraw consent to the processing of Personal Data, request restriction or object to the processing of its Personal Data, the right to complain, denounce, initiate a lawsuit, the right to request compensation for damages and the right to self-defense, unless otherwise provided by law. The withdrawal of consent will not affect the legality of the data processing agreed upon before the withdrawal of consent.
2. The Provider may exercise its above rights by sending a legally signed document by post to the head office address of ezCloud, or by email to hotro@ezcloud.vn.
3. Self-protection of its Personal Data; require other relevant organizations and individuals to protect their Personal Data.
4. Respect and protect the personal data of others.
5. The Provider is responsible for providing ezCloud with legal, complete, accurate and updated Personal Data at the time of provision.
6. The Provider’s instructions on the processing of Personal Data will be consistent with the contents of the Contract and comply with all Data Protection Laws, including the appointment of ezCloud as another processor, as authorized by the relevant controller. The Provider is responsible for the legality of the Personal Data and the method by which the Provider receives the Personal Data. ezCloud will not be required to comply or follow the Provider’s instructions if such instructions violate the Data Protection Law.
7. The Provider has other rights and obligations as prescribed by law.
Article 4. Other commitments on processing Personal Data
In the process of processing Personal Data, ezCloud and related parties commit to apply necessary and appropriate technical, security and confidentiality measures to protect the Personal Data of the Provider in accordance with Vietnamese law; fully comply with this Personal Data Protection Agreement and the Contracts with the Provider. However, the Provider understands and acknowledges that no technical system or security or confidentiality measure is absolutely safe and online transactions, cyberspace and other forms of processing Personal Data always have potential risks, including but not limited to data leakage, dissemination, exploitation, appropriation or misuse. The Provider exempts ezCloud from all obligations and responsibilities for risks that may occur during the process of processing personal data due to objective reasons beyond the control of ezCloud.
Article 5. Time of commencement and termination of processing of Personal Data
ezCloud begins to perform Personal Data processing activities from the time it is provided and/or becomes aware until (i) the Contract with the Provider expires, or (ii) the Purpose of Data Processing is completed or no longer necessary, or (iii) receives a written request to terminate data processing from a competent state agency, or (iv) the Provider decides to withdraw consent after the Provider has completed the procedures prescribed by law, and/or (v) the applicable policy at each time of ezCloud.
Article 6. Declaration of the Provider
1. The Provider voluntarily agrees and fully understands the contents stipulated in each Clause of this Agreement.
2. In case the Provider is not the data subject, the Provider guarantees:
The Provider has received the explicit consent (in accordance with the provisions of the Data Protection Law) of the data subject for all activities of collecting, using data and providing information to ezCloud;
The Provider has notified and received the explicit consent (in accordance with the provisions of the Data Protection Law) of the data subject that Personal Data may be processed outside their country of origin
The data subject has clearly known and fully agreed to the processing of Personal Data and the contents stipulated in Article 2 of this Agreement before agreeing to the Provider to collect Personal Data, in accordance with the provisions of this Agreement and the Data Protection Law;
Store evidence proving the consent of the data subject as prescribed in this Clause and provide this evidence upon request of ezCloud.
3. The Supplier guarantees and compensates ezCloud for damages caused by the Supplier’s failure to comply with the provisions of this Article.
Article 7: General provisions
1. This Agreement is an inseparable part of the Contract signed between the Supplier and ezCloud.
2. In the event that ezCloud provides Personal Data that ezCloud collects/holds to the Supplier, the Supplier commits to comply with the level of protection of Personal Data no lower than the level of protection that ezCloud has committed to in this document.
3. The Supplier agrees that ezCloud has the right to adjust, amend, supplement, replace the contents of the Personal Data Processing Agreement and publish or notify in the following public form: Publish, notify on the website: ezcloud.vn; and/or publish, notify in writing or email or in any other form that ezCloud deems appropriate. The Supplier is responsible for updating the Personal Data Processing Agreement from the publication channels, notification channels of ezCloud as prescribed in this clause and these adjusted, amended, supplemented, and replaced Agreements have the same legal value as when expressed in the form of a paper document, accordingly, the Supplier and ezCloud are responsible for implementation without having to make or conclude additional agreements in the form of a paper document. The Personal Data Processing Agreements are adjusted, amended, supplemented, replaced and effective at the time of the information published, notified when ezCloud publishes, notifies as prescribed in this Clause. In case the Provider does not agree with the changed contents, the Provider must send a written notice to ezCloud.
4. In case of any conflict or contradiction regarding the protection and processing of personal data between this Agreement and the Contracts concluded/established before, on or after the date the Provider accepts this Agreement, this Agreement shall prevail.
5. The Provider clearly understands and agrees that this Agreement is also ezCloud’s notice of the processing of the Provider’s Personal Data and ezCloud does not need to send any other notices to the Provider regarding the processing of this information.
6. This Agreement shall be effective from the date of signing until terminated in accordance with Article 5.
7. This Agreement shall be interpreted and governed by the laws of Vietnam. In case of any disputes arising from and/or relating to this Agreement, such disputes shall be resolved at the competent People’s Court.
