Poly Educuational Service Co. Ltd, ("Company") complies with the laws on personal information protection, including the Vietnamese Law on Network Information Security No. 86/2015/QH13 (Nov. 19, 2015).
The "company" complies with the personal information protection regulations under the relevant laws and regulations that information and communication service providers must comply with, and is doing its utmost to protect the rights and interests of users by setting a privacy policy under the relevant laws.
The Company’s privacy policy contains the following.
- Items and methods of collecting personal information.
- Purpose of collecting and using personal information.
- Sharing and providing personal information.
- Providing personal information to a third party.
- Consignment of handling personal information.
- Period of retention and use of personal information.
- Procedures and methods for destroying personal information.
- Rights of users and legal representatives and methods of exercising them.
- Matters concerning the installation/operation and refusal of automatic personal information collection devices.
- Technical/management protection measures for personal information.
- Protection of children's personal information.
- Establishment of youth protection policies and designation of a person in charge of youth protection.
- Contact information of the person in charge of personal information management and the person in charge.
- Obligation to notify
1. Items and methods of collecting personal information to be collected.
A. Items of personal information to be collected.
First, the company collects the following personal information at the time of initial membership registration to sign up for membership, give customer counseling, and provide various services.
1) Student member.
- Required items: name, nationality, photo, returning student, home phone number, mobile phone number, legal representative mobile phone number, date of birth, school, grade, address, school number, password, e-mail address
- Optional items: Name of siblings attending the POLY Centers, transfer educational institution, cash receipt issuance number, return student certification document (grade/certificate of enrollment), and overseas stay information
2) Parent member.
- Required items: name, address, home phone number, mobile phone number, e-mail address, ID, password, and information on children's academy (lecture course, name, school number)
3) General members.
- Required items: name, address, home phone number, mobile phone number, e-mail address, ID, password
- Optional item: Child information (grade or age, English learning period/institution)
Second, the following information can be generated and collected during the service use process or business processing process.
- User's browser type and OS, IP Address, Cookie, Date and Time of Visit, Service Usage Record, Access Log, Defective Usage Record.
Third, the following payment information may be collected in the process of using the paid service.
- When paying with a credit card: Card company name, card number, etc.
- When paying on a mobile phone: Mobile phone number, carrier, payment approval number, etc.
- Account transfer. - Bank name, account number, etc.
- When using a gift certificate. - Gift certificate number.
- When paying in cash: Cash receipt number.
Fourth, the following information may be collected in the process of academic analysis.
- The history and grades of "enrollment member" taking various tests conducted by "company"
- The history and grades of "enrollment member" taking part in external competitions, etc. through "company"
B. How to collect personal information.
The company collects personal information in the following ways.
- Collect through the website, written form, phone, fax (modal transmission), e-mail (email), counseling bulletin board, event application, delivery application, customer center, service subscription or voluntary provision by users during use.
- The mobile phone number uses mobile phone information certified by Nice Evaluation Information©
2. Purpose of collecting and using personal information.
A. Providing basic functions.
Collecting personal information and providing educational information to provide customized services optimized through personal identification of members.
B. Implementation of a contract on service provision and settlement of charges according to service provision.
Providing learning content, providing specific customized services, sending goods or bills, identification, purchase and fee payment, and fee collection.
C. Member management.
Identification according to membership service use and limited identification system, prevention of illegal use of defective members (members suspended from permanent use, restriction of subscription, confirmation of legal representatives, and handling complaints.
D. Developing new services and using them in marketing and advertising.
New service development and customized service provision, confirmation of entrance results for service management, service provision and advertisement posting according to statistical characteristics, service validity verification, event and advertising information provision and opportunity to participate, access frequency identification, statistics on members' service use, and video marketing.
3. Sharing and providing personal information.
The company uses users' personal information within the scope notified by the "2. Purpose of Collection and Use of Personal Information" and does not use it beyond the same range or disclose the user's personal information to the outside in principle without the user's prior consent. However, in the following cases, personal information can be used and provided with caution.
A. If users agree to disclose in advance, they will go through a procedure to inform and seek consent to who the business partner is and how it is protected/managed before collecting or providing information, and if the user disagrees, they will not collect or share additional information with the business partner.
A. If users agree to disclose in advance, they will go through a procedure to inform and seek consent to who the business partner is and how it is protected/managed before collecting or providing information, and if the user disagrees, they will not collect or share additional information with the business partner.
4. Provision of personal information to a third party.
The personal information of the information subject is processed only within the scope specified in the Law on Network Information Security No. 86/2015/QH13 (Nov. 19, 2015).
5. Consignment of handling personal information.
In order to improve the service, the company entrusts personal information as follows, and in accordance with relevant laws and regulations, it stipulates necessary matters to ensure that personal information is safely managed when signing a consignment contract.
In addition, the company specifies liability such as prohibition of personal information processing, technical and administrative protection, restriction of re-consignment, and supervises whether the trustee handles personal information safely.
6. Period of retention and use of personal information.
In principle, the user's personal information is destroyed without delay when the purpose of collecting and using personal information is achieved. However, the following information is preserved for the period specified for the following reasons.
A. Reasons for holding information according to the company's internal policy.
- Student information.
Reason for preservation: Check information when returning to the Center or re-enrolling at the Center.
Retention item: Required item, selected item
Preservation period: 3 years after taking a leave of absence and withdrawal.
- Record of fraudulent use record.
Reason for preservation: Prevention of fraudulent use
Preservation period: 1 year.
- Placement test record.
Reason for preservation: Prevention of illegal admission.
Preservation period: 3 years after withdrawal.
- Lecture course and payment record.
Reasons for preservation: Preservation of transaction details
Preservation period: 5 years.
- Various grades.
Reasons for preservation: various statistics, academic counseling
Preservation period: Permanent preservation
B. Reasons for holding information under relevant laws and regulations.
If it is necessary to preserve it in accordance with the provisions of related laws, the company keeps personal information for a certain period of time prescribed by the relevant laws. In this case, the company uses the information it keeps only for the purpose of its storage, and the preservation period is as follows.
- Records of contract or withdrawal of subscription.
Preservation period: 5 years.
- Records of payment and supply of goods, etc.
Preservation period: 5 years.
- Records of consumer complaints or disputes.
Preservation period: 3 years.
- Electronic financial transaction records.
- Records of visits.
Preservation period: 3 months.
7. Procedures and methods for destroying personal information.
In principle, the user's personal information is destroyed without delay when the purpose of collecting and using personal information is achieved. The company's personal information destruction procedure and method are as follows.
A. Destruction procedure.
- The information entered by the user for membership registration, etc., will be transferred to a separate database (separate document box for paper) and destroyed after being stored for a certain period of time (see retention and usage period) according to internal policy and other reasons for information protection reasons.
- This personal information is not used for any purpose other than holding it unless it is in accordance with the law.
B. Method of destruction.
- Personal information printed on paper is crushed or destroyed through incineration.
- Delete personal information stored in the form of an electronic file using a technical method that cannot play records.
C. Reasons for exception.
- If it falls under the exceptions stipulated in the relevant laws and Article 6, the personal information shall be kept until the specified preservation period within the scope of the preservation reason, and shall be destroyed as soon as the preservation period expires.
D. Personal information management of users who do not use it.
- Personal information of users who have not used the service provided by the company for three years is destroyed immediately after three years or stored and managed separately from other users' personal information, and personal information stored and managed separately is not used or provided.
- The company will immediately destroy or notify the user of the fact that it is stored and managed separately by e-mail, written, telephone, or any similar method 30 days before the expiration of the three-year period.
8. Rights of users and legal representatives and methods of exercising them.
- Student members and parent members (legal representatives) may exercise the following personal information protection rights against themselves registered with the company at any time or children under the age of 14.
1. Request to read personal information.
2. If there is an error, etc., request correction.
3. Request deletion.
4. Request for suspension of processing.
- The exercise of rights for
- Student members and student parent members (legal representatives) may at any time inquire or modify the personal information of themselves registered or children under the age of 14, and may request withdrawal of consent or cancellation of membership.
- If a student member and a student's parent member (legal representative) want to modify personal information except for the student member's password, the person in charge of each academy will correct it.
- All members can change their passwords freely in the "PW Modify" section of the service.
- If a user requests correction of an error in personal information, the company will prohibit the use and provision of the personal information until the correction is completed. In addition, if the above wrong personal information has already been provided to a third party, we will notify the third party of the correction process without delay so that the correction can be made.
- At the request of the user or legal representative, the company processes personal information withdrawn, terminated, or deleted at the request of the user or legal representative as specified in the "6. Period of Retention and Use of Personal Information" and cannot be viewed or used for other purposes.
9. Matters concerning the installation/operation and refusal of automatic personal information collection devices.
In order to provide personalized and customized services to individual members, the company uses "cookies" that stores and calls members' information from time to time.
Cookies are a small package of data sent to your browser by the server used to run the website and are stored on your computer's hard disk.
A. The purpose of using cookies.
Target marketing and personalized services are provided by analyzing the frequency of access and visit time of members and non-members, identifying users' tastes and interests, tracking their own lives, and identifying the degree of participation in various events and visits.
B. How to reject cookie settings.
Users have the option of installing cookies. Therefore, users may allow all cookies by setting options in a web browser, go through verification whenever they are saved, or refuse to save all cookies.
e.g.) Setting method Example (for Internet Explorer): Tools at the top of the web browser > Internet Options > Personal Information
However, if you refuse to install cookies, it may be difficult to use some services that require login.
10. Technical and administrative protection measures for personal information.
The company is administering the following technical/management measures to ensure safety so that personal information is not lost, stolen, leaked, altered or damaged in handling users' personal information.
A. Encrypt the password.
The user's password is encrypted, stored, and managed, so only he/she knows, and personal information can be verified only by himself/herself who knows the password.
B. Countermeasures against hacking.
The company is doing its best to prevent the leakage or damage of members' personal information by hacking or computer viruses. In case of damage to personal information, data is frequently backed up, personal information or data of users is prevented from being leaked or damaged using the latest vaccine programs, and personal information can be safely transmitted on the network through cryptographic communication. In addition, we control unauthorized access from the outside using an intrusion blocking system, and we are trying to equip all possible technical devices to ensure security in the system.
C. Minimization and training of handling staff.
The company's personal information handling staff are limited to those in charge, and a separate password is given to renew them regularly, and compliance with the Company’s privacy policy is always emphasized through occasional training for those in charge.
D. Manage your personal ID and password.
In principle, the ID and password used by the user are intended to be used only by the user. The company is not responsible for the leakage of personal information such as IDs, passwords, and cell phone numbers due to the user's personal carelessness and the dangers of the basic Internet. Please change your password frequently with a security awareness of the password and pay special attention to prevent personal information from being leaked when logging in from a public PC.
11. Protection of children's personal information.
The company is equipped with the following devices to protect the personal information of children under the age of 14.
A. Children under the age of 14 are seeking consent from their legal representatives when collecting personal information.
B. The method of consent is to enter the name, e-mail, contact information, address, etc. of the legal representative, and is implemented according to the consent method of the Ministry of Information.
C. The company shall notify the child of the purpose of collecting, using, or providing personal information and the purpose of obtaining consent from a legal representative in a simple way that children can easily understand.
D. Legal representatives of children under the age of 14 may request access, modification, and deletion of children's personal information, and the company takes necessary measures without delay in such requests.
E. If a legal representative requests correction of an error for personal information collected from a child under the age of 14, the company will prohibit the use and provision of the personal information until the error is corrected.
12. Establishment of youth protection policies and designation of a person in charge of youth protection.
The company establishes and implements youth protection policies based on the Law on Network Information Security No. 86/2015/QH13 (Nov. 19, 2015) to help teenagers grow into healthy personalities.
The company prevents teenagers under the age of 19 from accessing harmful information deliberation regulations on information and communication.
A. Restrictions on access to harmful information and management measures for youth.
- The company periodically monitors the existence of harmful media in the company's online service bulletin board and file upload space.
- If harmful media are found within the company's service, the company immediately deletes them.
- The company immediately deletes links to harmful sites within the company's services.
B. Implementation of training in charge of business for youth protection from harmful information.
The company trains information and communication workers on laws and sanctions related to youth protection, how to cope with harmful information, and reporting procedures for handling violations.
C. Counseling for damages caused by harmful information and handling grievances.
The company has deployed professionals for damage counseling and grievance handling due to harmful information for teenagers to prevent the spread of the damage, so users should consult and deal with the damage through phone or e-mail.
The person in charge of youth protection.
Name:
Phone:
Position:
E-mail:
The company is doing its utmost to ensure that teenagers can safely use good information.
13. Contact information of the person in charge of personal information management and the person in charge.
In order to protect personal information and handle complaints related to personal information, the company designates related departments and personal information managers as follows.
Person in charge of personal information management Person in charge of personal information management
Name:
Phone:
Position:
E-mail:
You can report all personal information protection complaints arising from using the company's services to the personal information management manager or the department in charge. The company will respond quickly and sufficiently to the member's report.
14. Obligation to notify
If there is any addition, deletion, or modification of the current personal information processing policy, we will notify you through the website.