Event Privacy Policy

1. Introduction

Deloitte Vietnam Holding Joint Stock Company and other related entities in Vietnam ("Deloitte Vietnam") are affiliates of Deloitte Southeast Asia Ltd. Deloitte Southeast Asia Ltd is a member of Deloitte Asia Pacific Limited, which is a member firm of the Deloitte Network. Deloitte in Vietnam, which is within the Deloitte Network, is the entity that is holding this event and is referred to in this Privacy Policy as "we", "us", or "our". We are a privacy conscious global organization and this Privacy Policy explains how we protect personal data gathered from your registration for and participation in this event.

2. Personal data collection

“Personal Data” refers to information in the form of symbols, letters, numbers, images, sounds, or equivalences associated with an individual or used to identify an individual.

You need to provide your personal data in order to register for the event. We only collect personal data that is specifically and voluntarily provided by you for the purposes consented by you. Such data may consist of, but is not limited to, your name, current job title, company, email address and telephone number.

We do not usually seek sensitive personal data (e.g., data relating to race or ethnic origin, religious beliefs, criminal record, physical or mental health, or sexual orientation) from participants. We will, where necessary, obtain your explicit consent to collect and use such information.

3. Personal data use purposes

We may use your personal data for purposes listed below. You will be required to indicate your consent to these purposes upon the registration form of each event.

a) The information you submit will be used to manage your registration and for other administrative or logistical purposes in relation to the event. Certain information such as your name, role and company name may also be used for an attendee list or displayed onscreen during the event. If you prefer that your information is not shared in the attendee list or displayed onscreen, please contact Deloitte Vietnam (deloittevietnam@deloitte.com) before the event date.

b) We may also use your personal data for marketing purposes, or to send you promotional materials or communications regarding services provided by entities within the Deloitte Network that we feel may be of interest to you. We may also contact you to seek feedback on services provided by entities within the Deloitte Network or for market or other research purposes. If you no longer wish to receive marketing materials, please send an email to Deloitte Vietnam (Deloittevietnam@deloitte.com).

c) Your personal data may also be used to protect our rights or property and that of other participants and, where appropriate, to comply with legal process. However, we will notify you in advance in case your personal data is used for this purpose.

d) Your personal data may also be used to meet or comply with Deloitte Vietnam’s internal policies and procedures and any applicable rules, laws, regulations, codes of practice or guidelines, orders or requests issued by any legal or regulatory bodies (including but not limited to disclosures to regulatory bodies, conducting checks, surveillance and investigation).

4. Personal data processing

a) “Personal data processing” refers to one or multiple activities that impact on personal data, including collection, recording, analysis, confirmation, storage, rectification, disclosure, combination, access, traceability, retrieval, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, destruction or other relevant activities.

b) We process your personal data by ourselves. In case we process your data through a third party authorized by us or having contractual relationship with us, we will notify you in advance.

c) The processing of the your personal data can be done in any form, including but not limited to processing through paper, audio, video recording or in the form of electronic information messages.

d) We may adopt technologies, applications, software developed by us to process your Personal data. In case these technologies, applications, software are developed by other third party (which may be a domestic or foreign supplier) via a contractual relationship including, but not limited to Outlook, OneDrive, Microsoft Office,… we will notify you in advance.

e) We may provide your personal data to other entities within the Deloitte Network in order to provide you with information that could be of interest to you and conduct market or other research.

All of these disclosures may involve the transfer of personal data to countries or regions without data protection rules similar to those in effect in your area of residence. In addition, we may transfer certain information to countries across geographical borders to other Deloitte Network firms or to third parties working with us or on our behalf. By providing personal data, you consent to this transfer of personal data across borders. We ensure that a standard of protection is accorded to your personal data so transferred in accordance with applicable law.

Personal data may also be disclosed to law enforcement, regulatory, or other government agencies, or to other third parties, in each case to comply with legal or regulatory obligations or requests.

f) Personal data processing period starts from the date you provide your consent to us to process your Personal data and end when the above purposes are fulfilled or when you withdraw your consent by sending us a written notice.

5. Retention of personal data

a) We will retain your personal data for as long as the data is reasonably required to fulfil the above purposes or until you withdraw your consent by sending us a written notice.

b) We may store your personal data in Vietnam or a jurisdiction outside Vietnam where the purpose is provided or where you are based.

6. Rights and Obligations of Personal Data Subjects

You, as a Personal Data Subject, have all the rights and obligations prescribed by laws, including but not limited to the followings:

a) Personal Data Subject’s rights according to Article 9 of Decree No. 13/2023/ND-CP dated 17 April 2023 regarding Personal Data Protection (“Decree 13”) (as amended or replaced from time to time): Right to Know, Right to Consent, Right to Access, Right to Withdraw Consent, Right to Delete Data, Right to Restrict Data Processing, Right to Provide Data, Right to Object to Data Processing, Right to Complain – Denounce – Sue, Right to Claim Compensation, Right to Self-Defense.

b) Personal Data Subject’s obligations according to Article 10 of Decree 13: to protect his/her own personal data; request relevant organizations and individuals to protect his/her own personal data; to respect and protect others’ personal data; to fully and accurately provide personal data when give consent to the processing of personal data; to participate in the dissemination of personal data protection skills; to comply with regulations on protection of personal data and prevent violations against regulations on protection of personal data.

7. Personal data protection, risks and undesirable consequences

The processing of personal data may pose the risk of data leakage or inappropriate handling of data. We understand the importance of personal data protection, and therefore we place great importance on ensuring the security of your personal data. We regularly review and update our technical and organizational security measures when processing your personal data and comply with regulations on personal data protection. Our employees are trained to handle the personal data securely and with utmost respect, failing which they may be subject to disciplinary action.

8. Changes to our Event Privacy Policy

This Event Privacy Policy may need to be amended from time to time to comply with prevailing law. To let you know when we make changes to this Privacy Policy, we will amend the date at the top of this page. The new, modified, or amended Privacy Policy will apply from that revision date. Therefore, we encourage you to periodically review this Privacy Policy to be informed about how we are protecting your data.

9. Children's privacy protection

We understand the importance of protecting children's privacy. Our events are not designed for or intentionally targeted at children 16 years of age or younger. It is not our policy to intentionally collect or maintain information about anyone under the age of 16.