POLICIES ON PRIVACY, PROTECTION, AND HANDLING OF CUSTOMER AND PARTNER INFORMATION

Thank you to our Customers and Partners for visiting Prepedu.com!

Prep Technology Joint Stock Company (hereinafter referred to as “Prep”) values the personal information of Customers and Partners and respects their right to privacy. Prep seeks to inform Customers and Partners about how the information collected will be used, as well as the purposes and measures implemented to protect the personal information of Customers and Partners within Prep’s database.

This policy applies to all websites and mobile software, as well as all services provided by Prep. 

 

Article 1: Definitions

1. Prep: refers to Prep Technology Joint Stock Company, with tax code 0109817671. Its headquarters is located at No. 20, Alley 234/35 Hoang Quoc Viet Street, Co Nhue 1 Ward, Bac Tu Liem District, Hanoi, Vietnam.

2. Customer: refers to individuals and/or organizations that provide personal data in activities related to searching for, accessing, purchasing, registering to use, or using Prep’s products, goods, or services.

3. Partner: refers to any organization, enterprise, individual, or legal representative of a legal entity that cooperates and signs agreements or contracts with Prep. Partners provide products, and services, or collaborate with Prep in conducting business activities.

4. Personal Data: refers to information in the form of symbols, letters, numbers, images, sounds, or similar forms in an electronic environment associated with or helping to identify a specific individual. Personal data includes both basic personal data and sensitive personal data.

5. Basic personal data processed by Prep includes:

5.1. For Customers: 

1. Full name (first, middle, and last name), other names (if any);

2. Date of birth;

3. Place of birth, place of birth registration, permanent residence, temporary residence, current address, hometown, contact address;

4. Individual’s photograph;

5. Phone number;

6. Personal account information; email address;

7. Personal data reflecting activities and activity history in the digital space, including:

• Data related to websites, social networks, or applications, customer reviews, feedback on service quality, learning programs; questions asked by the Customer to teachers, instructors, support staff, or other users; content of surveys completed by the Customer or promotions (if any) participated in on Prep’s website or websites of Prep’s Partners;

• Connection logs, cookies, and IP address information;

• Data from third-party logins such as Facebook or Google. In this case, the handling of Customer data will be influenced by the terms the Customer previously agreed to with the third party they used;

• Diagnostic, technical, error, and usage information, such as the time and duration of software use or time spent on the website installed on the Customer's device, search terms entered by the Customer into their device relating to a specific Prep Service, or any information stored in cookies, error reports, and crash logs;

• Voice recordings of the Customer during exercises, which are collected on Prep's servers when the Customer enables this function. Prep also collects and stores the Customer’s voice recordings for the purpose of checking, evaluating, commenting on, and assisting with exercises. Please note that Prep works with a third-party service provider offering voice-to-text conversion services, and this provider may also receive and store certain voice commands as per the contract between Prep and the trusted third-party provider.

5.2. For Partners: 

a. Information of Partners that are organizations or enterprises: 

• Organization or enterprise name, tax identification number;

• Headquarters address, representative office, or branch;

• Phone number;

• Email address.

b. Information of Partners that are individuals / personal information of the Partner's representative:

• Full name (first, middle, and last name), other names (if any);

• Date of birth;

• Place of birth, place of birth registration, permanent residence, temporary residence, current address, hometown, contact address;

• Phone number and email address;

6. Sensitive personal data processed by Prep includes:

6.1. For Customers: 

1. Personal account information;

2. Location data of individuals determined through location services: Information about nearby Wifi access points, cell towers, and, with the Customer's explicit consent, GPS signals from the Customer’s device may be transmitted to Prep when using Prep's application.

6.2. For Partners:

1. Personal or enterprise bank account information related to transactions and payments between the Partner and Prep;

2. Geolocation or connection location data from GPS, Wifi, or cell towers, collected when the Partner's representative or contact person uses Prep’s products (if applicable);

3. Voice recordings stored to ensure content verification, improve service quality, and address arising issues. This data is only collected with prior notice and mutual consent of both parties.

7. Processing of personal data: refers to one or more activities affecting personal data, such as: collection, recording, analysis, validation, storage, modification, disclosure, combination, access, retrieval, recovery, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, destruction of personal data, or other related actions.

 

 

Article 2: Purpose of Data Processing

2.1. For Customers:

1. To provide products, goods, and services to Customers, including but not limited to:

• Supplying, activating, or verifying products, goods, and services requested by the Customer through Prep's transaction channels or any other requests that arise during the process of searching for, accessing, purchasing, registering to use, or utilizing Prep’s products, goods, or services;

• Receiving verification codes for the Customer to start using Prep's services;

• Serving the purpose of contacting and notifying Customers.

 

2. To assist Customers in purchasing and using products, goods, and services provided by Prep in accordance with contracts and legal regulations, including:

• Updating and processing information when the Customer purchases or uses products, goods, or services;

• Customer care, receiving and addressing inquiries or complaints from Customers regarding Prep’s products, goods, and services;

• Providing Customers with software updates, maintenance services, and device application support;

• Using and sharing personal data, issue information, incidents, and error reports reported by Customers with Partners to identify and resolve issues with products, goods, and services; repairing Customer devices; and carrying out other customer care and support activities.

• To protect against, detect, or prevent fraud or other criminal activities, and for other requests or obligations.

 

3. To enhance the quality of products, goods, and services provided by Prep to Customers:

• To provide information that the Customer has requested or that Prep believes may be useful to the Customer, including information about Prep’s products, goods, and services; notifications of new updates regarding services being used, complementary products suitable for the Customer, and useful knowledge;

• To improve technology, user interfaces of electronic information pages, websites, social networks, and applications to ensure convenience for Customers;

• To manage Customer accounts and loyalty programs;

• To store information, conduct market research, analysis, statistics, and other internal management activities to enhance the Customer experience;

• To report, analyze, and statistically assess internal data to research, develop, manage, measure, provide, and improve products, goods, and services as well as to operate Prep's business activities;

• To create marketing campaigns for products, goods, and services and to determine how Prep can personalize those products, goods, and services;

• To develop and offer new personalized products, goods, and services based on the needs and actual conditions of Customers, with effective measurement methods;

• To introduce and provide promotional programs for products, goods, and services, discounts, and promotions from Prep and those in collaboration with Partners;

2.2. For Partners:

1. To perform, manage, and supervise contracts and agreements:

• To ensure the establishment, signing, and fulfillment of obligations by the relevant parties according to the agreements and contracts signed between Prep and the Partner.

• To perform financial reconciliation and timely payments, including managing invoices, receipts, and related payment documents.

• To manage transactions, monitor, and ensure the timely delivery of services or products as committed.

2. To maintain communication and support collaboration:

• To use the contact information of the legal representative or primary contact person of the Partner to send notifications, coordinate tasks, or communicate in case of arising situations.

• To assist the Partner in resolving technical or administrative issues, including updating progress, addressing incidents, and providing support regarding products and services.

3. To enhance collaboration effectiveness and improve services:

• To validate the information and verify the identity of the legal representative to ensure legality and safety in transactions.

• To manage and monitor the Partner's access rights to Prep's internal systems or online services to prevent security risks and unauthorized access.

• To use location data and login information for security purposes, to prevent fraud, and to protect Prep's information technology systems.

4. To enhance collaboration effectiveness and improve services:

• To analyze transaction data and collaboration effectiveness to optimize workflows and suggest improvements to products and services to enhance the Partner's experience.

• To receive feedback and evaluations from the Partner to implement product and service improvements in line with market needs and realities.

5. To comply with legal regulations and fulfill legal obligations:

• To store information, documents, and transactions related to ensuring compliance with legal regulations concerning finance, taxation, and auditing.

• To provide data to competent state authorities or auditing entities upon request within the scope of fulfilling legal obligations and cooperating with state management agencies.

• To resolve disputes and complaints arising during collaboration based on legal regulations and the agreements signed between the parties.

 

Article 3. Data Processing Methods

3.1. Data Collection Methods:

Personal data is collected directly from Customers and Partners in the following cases:

• From Prep’s websites and applications: We may collect personal data when Customers or Partners access any of Prep's websites or applications or use any features or resources available on or through the website or application. When Customers or Partners access the website or application, Prep collects information about the device and browser (such as device type, operating system, browser type, browser settings, IP address, language settings, date and time of connection to the website, and other technical communication information); basic personal information (full name; date of birth; phone number; address; email address).

• From products, goods, and services: We may collect personal data when Customers search for, access, purchase, register for use, or use any products, goods, or services through any means (website, application, etc.); Prep's transaction channels, online space; and/or other methods as prescribed by law.

• From exchanges and communications with Customers and Partners: We may collect personal data through interactions between us and Customers (in person, via mail, phone, online, call center, electronic communication, or any other means), including customer surveys.

• From social media: These are the official social media channels of Prep and/or social networks with which we collaborate with Partners.

• From recording devices: Audio recordings of Customers' voices during their use of services; audio recordings from exchanges with Partners that have been agreed upon by both parties.

• From interactions or automatic data collection technologies: We may collect information including IP address, referring URL, operating system, electronic browser, and any other information automatically recorded from the connection:

Cookies, flash cookies, plug-ins, pixel tags, electronic beacons, third-party social media connectors, or other tracking technologies;

Other data information provided by a device.

• Other means: We may collect personal data when Customers or Partners interact with Prep through any other means.

We may also indirectly collect personal data from Customers through public, official information sources; or by receiving necessary data sharing from subsidiaries or Partners that they collected during their cooperation with Prep to provide products, goods, and services to Customers, which Customers have authorized for sharing.

 

3.2. Data Storage Methods:

Personal data is stored in Vietnam within Prep's customer and partner database systems or anywhere we, our subsidiaries, affiliates, partners, or service providers have a base and create backup copies for data centers in different areas.

During the time Customers and Partners access Prep's websites, applications, or social networks, we may also temporarily store information through cookies, clickstream, or similar web browsing data storage tools to retain data that the web server in the domain can retrieve.

 

3.3. Data Transfer/Sharing Methods:

Prep ensures information security, preventing data breaches, and requires all parties receiving personal data to implement data security measures. 

a. Prep may share Customer information with:

• Teaching staff, assignment reviewers, or official communication channels of Prep.

• Branches, subsidiaries, or representative offices of Prep.

• Trusted business partners who can provide information about the products and services that Customers are using from Prep to enhance service quality.

• Parties involved in business transactions: Prep may disclose Customers' personal data to third parties during mergers, transfers, purchases, sales, or business investments.

• Other parties with Customers’ consent or directive: Aside from the above-mentioned disclosure and sharing cases, Prep shares personal data about Customers with third parties when Customers agree to or request that sharing.

• Relevant state authorities - when Prep is required to do so to protect itself and its Customers.

b. Prep may share Partner information with:

• Branches, subsidiaries, or representative offices related to implementing cooperation and reconciling transactions with Partners.

• Relevant entities to process financial transactions, including payments and debt reconciliation.

• Organizations providing legal consulting, auditing, or project management solutions to facilitate cooperation.

• Partner data may be shared when Prep conducts sales, mergers, or transfers of business.

• Relevant state authorities: When requested by regulatory agencies, Prep will provide Partner data to comply with legal obligations.

 

3.4. Analysis Methods:

The analysis of personal data is conducted according to Prep's internal processes. We maintain strict monitoring mechanisms for each data analysis procedure, requiring checks to ensure compliance with legal data security requirements and information safety for the IT systems before proceeding with the analysis. We also have stringent rules to ensure that personal information is anonymized or de-identified at appropriate stages during processing.

 

3.5. Encryption Methods:

Collected personal data is encrypted according to appropriate encryption standards as needed during storage or data transfer to ensure that the data is protected, authenticated, intact, and cannot be altered after being sent.

 

3.6. Data Deletion Methods:

When Customers cease using products, goods, or services, or when Partners terminate cooperation with Prep and submit a valid request, we will delete personal data along with all personal data that the Customers or Partners have provided and/or that we have collected during the service provision and collaboration. However, Prep will continue to store data in cases where the law stipulates otherwise or in certain instances where deletion is not feasible, such as:

• Legal provisions that prohibit data deletion or require mandatory data retention.

• Personal data processed by state authorities for the purposes of government activities as prescribed by law.

• Personal data that has been publicly disclosed as per legal regulations.

• Personal data processed for legal, scientific research, or statistical purposes according to legal regulations.

• In situations of national defense emergencies, national security, social order, major disasters, or dangerous epidemics; when there is a threat to security and defense but does not reach the level of declaring a state of emergency; for riot prevention, terrorism, crime, and law violations.

• Responding to emergency situations threatening the life, health, or safety of Customers or other individuals.

 

Article 4. Organizations and individuals related to the purposes of processing personal data specified in Article 2

 

Within the scope permitted by law, Customers and Partners understand that Prep may share personal data for the purposes mentioned in Article 2 with the following organizations and individuals:

1. Organizations and individuals providing services and/or cooperating with Prep, including but not limited to: agents, consulting units, auditors, lawyers, notaries, and providers of information technology solutions, software, applications, operational services, management, troubleshooting, and infrastructure development;

2. Any individual or organization representing or authorized by the Customer, acting on behalf of the Customer or Partner;

3. Payment service providers based on the authorization or consent of the Customer.

4. Prep may share Customer and Partner information with competent state authorities when carrying out the purpose of processing personal data mentioned in Article 4 of this Policy according to legal regulations.

Data sharing will be conducted in accordance with the proper procedures, methods, and current legal regulations. The parties receiving personal data are obligated to ensure the confidentiality of the Customers' personal data in accordance with this Policy, the regulations, procedures, and standards for personal data protection of Prep, the obligations in the relevant contracts and agreements, and according to current legal regulations.

 

 

Article 5: Principles of Personal Data Protection

Prep has implemented reasonable practical and technical measures to protect the information it collects related to its Services. However, it should be noted that although Prep takes appropriate steps to protect Customer information, no website, Internet transmission, computer system, or wireless connection is absolutely secure.

1. The collection and use of information from Customers and Partners will only be carried out with the consent of the Customers and Partners, except where otherwise stipulated by law and in this regulation.

2. In addition to the entities mentioned in Article 4 of this Policy, Prep commits not to use, transfer, provide, or disclose Customers' and Partners' personal information to any third party without the consent of the Customers and Partners, except in cases specified in this regulation or by law.

3. In the event that the server storing the information is attacked by hackers, resulting in the loss of personal data of Customers and Partners, Prep is responsible for immediately notifying and working with the authorities to investigate and handle the situation promptly, while also informing the Customers and Partners about the incident.

 

Article 6: Unintended Consequences and Damages that May Occur to Customers' Personal Data

Prep utilizes various information security technologies to protect Customers' and Partners' Personal Data, ensuring that it is not accessed, used, or shared unintentionally. However, no data can be secured 100%. Therefore, Prep is committed to maximizing the security of Customers' and Partners' Personal Data. Some unintended consequences and damages that may occur include but are not limited to:

• Hardware or software failures during the processing of Personal Data, resulting in the loss of Customers' and Partners' Personal Data.

• Security vulnerabilities beyond Prep's control, leading to attacks by hackers that expose Customers' and Partners' Personal Data.

• Customers or Partners inadvertently exposing their own Personal Data due to negligence, fraud, or accessing websites/downloading applications containing malicious software.

• Prep advises Customers and Partners to strictly adhere to their responsibilities for protecting Personal Data as required by law.

• In the event that the data storage server is attacked by hackers, resulting in the loss of Customers' and Partners' Personal Data, Prep will be responsible for notifying the relevant authorities for timely investigation and handling, and will inform Customers and Partners about the incident.

 

Article 7: Duration of Personal Data Processing

1. Prep will begin processing Customers' personal data from the moment Customers or Partners consent to provide or allow Prep to collect their personal data as outlined in this policy notice. When the purpose of processing the personal data of Customers or Partners described in this policy has been fulfilled, is no longer necessary, or as required by applicable law, Prep will terminate the processing of Customers' and Partners' personal data by deleting or deactivating the data so that it cannot be accessed.

2. When Customers or Partners stop using the service or terminate collaboration, some information about them, including feedback/reviews on service quality, personal academic achievements, and results of collaboration, will continue to be stored in the system.

3. Prep takes reasonable steps to ensure that it retains information about Customers and Partners only for as long as necessary for the purposes for which the information was collected or as required by applicable law.

4. Prep may be required to retain Customers' and Partners' personal data even after the contract between the parties has been terminated to fulfill Prep's legal obligations as stipulated by law and/or requests from relevant authorities.

 

Article 8: Rights and Obligations of Customers and Partners

1. Rights of Customers and Partners:

1. Customers and Partners have the right to be informed about the processing of their personal data unless otherwise provided by law.

2. Customers and Partners may agree or disagree to allow the processing of their personal data unless otherwise provided by law:

• Customers/Partners can click the opt-out button when Prep sends notifications regarding access to their personal information. However, please note that doing so may restrict the full use of the features of the website https://prepedu.com/.

• Customers/Partners may choose to stop receiving promotional information by clicking the "Unsubscribe" button on the emails received from Prep.

3. Customers and Partners have the right to access, view, edit, or request the editing of their personal data, unless otherwise provided by law.

4. Customers and Partners have the right to withdraw their consent, unless otherwise provided by law: Customers and Partners can request the deletion of all their personal data by sending an email to the support department; they can also stop notifications sent to their devices in the account management section.

5. Customers and Partners can delete or request the deletion of their personal data, unless otherwise provided by law.

6. Customers and Partners can request the limitation of the processing of their personal data, unless otherwise provided by law.

The limitation of processing is implemented within 72 hours after the request from Customers and Partners for all personal data for which the data subject requests limitation, unless otherwise provided by law.

7. Customers and Partners can request the Data Controller and the Processor to provide their personal data, unless otherwise provided by law.

8. Customers and Partners can object to the Data Controller and the Processor processing their personal data to prevent or limit the disclosure of their personal data or its use for advertising and marketing purposes, unless otherwise provided by law.

9. Customers and Partners have the right to lodge complaints or lawsuits according to the law.

10. Customers and Partners have the right to claim compensation for damages according to the law in case of violations of personal data protection regulations unless otherwise agreed between the parties or provided by law.

11. Customers and Partners have the right to self-protection according to the Civil Code, other relevant laws, and this Decree, or request competent authorities and organizations to implement civil rights protection measures as stipulated in Article 11 of the Civil Code.

2. Obligations of Customers and Partners:

1. Compliance: Comply with the legal regulations, the provisions of this policy, and any other guidelines attached by Prep related to the processing of Customers' and Partners' personal data.

2. Providing Information: Provide complete, truthful, and accurate personal data and other information as required by Prep, and notify Prep of any changes to this information. Prep will ensure the security of Customers' and Partners' personal data based on the information registered by the Customers. Therefore, if there is any misinformation, Prep will not be liable if that information affects or limits the rights of the Customers or Partners. In cases where there is no notification or discrepancies in the provided data, if risks or losses arise, the Customer will bear full responsibility.

3. Cooperation: Cooperate with Prep, relevant authorities, or third parties in cases where issues arise that affect the security of Customers' and Partners' personal data.

4. Self-Protection: Self-protect their personal data; proactively apply measures to safeguard their personal data while using the online space; promptly notify Prep when they notice any errors or misunderstandings regarding their personal data or suspect that their personal data is being compromised.

5. Responsibility for Information: Be responsible for any information, data, or consent they create and provide in the online environment; bear responsibility in cases where personal data is leaked or compromised due to their own fault.

6. Monitoring Updates: Regularly monitor announcements about updates to Prep's personal data protection regulations and policies and take actions in accordance with Prep's guidance to clearly indicate their consent or dissent regarding the purposes of personal data processing that Prep informs Customers and Partners about during each period.

7. Respecting Others' Data: Respect and protect the personal data of others.

8. Other Responsibilities: Fulfill any additional responsibilities as stipulated by law.

 

Article 9: Complaints Regarding Personal Information, if Necessary

If Customers or Partners have any questions, feedback, or complaints regarding the misuse of their information beyond the scope or purpose notified, please contact Prep's customer service department using the following contact information:

Prep Joint Stock Technology Company

Head Office: No. 20, Alley 234/35, Hoang Quoc Viet Street, Co Nhue 1 Ward, Bac Tu Liem District, Hanoi City, Vietnam

Business Address: No. 21-C2, Nam Trung Yen Urban Area, Trung Hoa Ward, Cau Giay District, Hanoi City, Vietnam

Contact Address: 4th Floor, Vinaconex Building, No. 34 Lang Ha Street, Dong Da District, Hanoi City, Vietnam

Hotline: 0931.42.88.99

Email: support@prepedu.com

 

In the event that personal information is found to be used outside the notified scope/purpose, Prep will remove all identified information within 24 hours and maintain communication with Customers and Partners to resolve any arising issues.

Prep complies with all guidelines from state management agencies and legal regulations regarding the protection of personal information.

 

Article 10: Cases of Processing Personal Data Without the Consent of Customers or Partners

Prep may process Personal Data without the consent of Customers or Partners in the following cases:

 

• In emergency situations where immediate processing of relevant Personal Data is necessary to protect the life or health of the data subject or others.

• The public disclosure of personal data as required by law.

• The processing of data by state authorities in cases of emergency concerning national defense, security, social order, major disasters, or dangerous epidemics; when there is a risk threatening national security and defense but has not reached the level of declaring a state of emergency; preventing and combating riots, terrorism, and crime in accordance with legal regulations.

• To fulfill obligations under a contract involving the data subject with relevant agencies, organizations, or individuals as stipulated by law.

• To serve the activities of state agencies as prescribed by specialized laws.

 

Article 11: Implementation Provisions

By using Prep's products and services, Customers and Partners agree to this information security policy. Prep may adjust this policy at any time and publicly post the revised policy on its official communication channels. The continued collaboration and use of Prep's products and services by Customers and Partners, without any complaints regarding the revised policy, indicates that Customers and Partners have accepted the adjusted policy.

 

This policy has been formulated, issued, and implemented in accordance with the legal regulations on personal data protection and the responsibility for the protection of personal data by organizations as per Decree 13/2023/ND-CP, effective from July 1, 2023.