Viet Nam National Cyber Security Technology Joint Stock Company (“NCS”) always places great importance on the protection of Personal Data in the course of collecting and using Personal Data (as defined below). This Personal Data Protection Policy (“Policy”) is intended to inform data subjects of their rights, the manner in which NCS processes Personal Data, and the purposes for which Personal Data is collected, as well as NCS’s compliance with applicable legal requirements.
NCS may amend this Policy from time to time as necessary to meet its operational needs and to ensure compliance with applicable laws and regulations.
- Definitions
1.1. Personal Data
“Personal Data” means digital data or information in other forms that identifies or helps identify a specific individual, including Basic Personal Data and Sensitive Personal Data. Personal Data that has been anonymized shall no longer be considered Personal Data.
1.2. Basic Personal Data
“Basic Personal Data” means Personal Data reflecting common personal identity and background elements that are frequently used in transactions and social relations, as prescribed in the list promulgated by the Government, including but not limited to:Surname, middle name, given name at birth, and other names (if any);Date, month, year of birth; date, month, year of death or missing declaration;Gender;Place of birth; place of birth registration; permanent residence; temporary residence; current place of residence; hometown; contact address;Nationality;Personal images;Telephone number; identity card/citizen identification number; personal identification number; passport number; driver’s license number; vehicle registration plate number; personal tax identification number; social insurance number; health insurance number;Marital status;Information on family members (parents, children, grandparents, spouse, siblings, siblings of parents, and other persons having family relationships);Information relating to an individual’s digital accounts;Personal Data reflecting activities or activity history in cyberspace;Other Personal Data associated with or capable of identifying a specific individual (other than those specified in Clause 1.3 of this Article).
1.3. Sensitive Personal Data
“Sensitive Personal Data” means Personal Data closely associated with an individual’s privacy, the infringement of which may directly affect the lawful rights and interests of agencies, organizations, or individuals, as prescribed by the Government, including but not limited to:Health status and private life recorded in medical records;Political opinions and religious beliefs;Information relating to racial or ethnic origin;Information regarding physical attributes and unique biological characteristics;Bank account information;Location data of an individual in the performance of certain activities;Other Personal Data classified by law as Sensitive Personal Data.
1.4. Personal Data Protection
“Personal Data Protection” means the use by agencies, organizations, or individuals of resources, means, and measures to prevent and combat acts infringing upon Personal Data.
1.5. Personal Data Processing
“Personal Data Processing” means any operation or set of operations performed on Personal Data, including but not limited to: collection, analysis, aggregation, encryption, decryption, modification, deletion, destruction, anonymization, provision, disclosure, transfer, and other activities affecting Personal Data.
1.6. Personal Data Subject
“Personal Data Subject” means the individual to whom the Personal Data relates.
1.7. Personal Data Controller
“Personal Data Controller” means an agency, organization, or individual that determines the purposes and means of processing Personal Data.
1.8. Personal Data Processor
“Personal Data Processor” means an agency, organization, or individual that processes Personal Data on behalf of a Personal Data Controller pursuant to a contract or agreement.
1.9. Personal Data Controller and Processor
“Personal Data Controller and Processor” means an agency, organization, or individual that determines the purposes and means of processing and directly processes Personal Data.
1.10. Relationship Between You and NCS
In the course of processing your Personal Data:
– You are the Personal Data Subject;
– NCS acts as the Personal Data Controller or the Personal Data Controller and Processor;
– Any party authorized by NCS to process the Personal Data you provide shall be the Personal Data Processor. - Categories of Personal Data Processed
The Personal Data processed includes data provided by candidates to NCS when seeking information about, applying for, or participating in recruitment for positions advertised by NCS on its website, including:(i) Basic Personal Data as specified in Clause 1.2 of this Policy;
(ii) Sensitive Personal Data as specified in Clause 1.3 of this Policy (if included in the application dossier);
(iii) Information and data generated during interactions, application submission, interviews, competency assessments, or work-related communications between the candidate and NCS via the website or related channels, including access behavior data, application history, interview feedback, and technical identifiers such as IP addresses or cookies (if any).NCS shall only process Personal Data to the extent necessary to achieve the notified lawful purposes and shall ensure that such data is collected lawfully, transparently, and in compliance with the Law on Personal Data Protection 2025 and Decree No. 13/2023/NĐ-CP. - Processing of Your Personal Data
NCS may process your Personal Data directly or authorize a Personal Data Processor to do so under a service contract or similar agreement.Your Personal Data and/or information may be transferred abroad, stored, or processed outside your country for the purposes specified in Article 5 of this Policy. NCS shall only transfer Personal Data abroad in compliance with applicable laws on personal data protection, including full compliance with the Law on Personal Data Protection 2025 and Decree No. 13/2023/NĐ-CP; notification to the competent state authorities of cross-border data transfers; and ensuring that Personal Data is protected in accordance with standards equivalent to those prescribed under Vietnamese law. - Disclosure of Personal Data
NCS may share your Personal Data with third parties, including:(i) Subsidiaries, parent companies, affiliated companies, and individuals or organizations acting as consultants for NCS’s recruitment purposes;
(ii) Personal Data Processors authorized by NCS to process Personal Data under lawful contracts or agreements.Personal Data shall only be shared after NCS has:
(i) informed you of the identity, scope, and purpose of the data recipient; and
(ii) obtained your consent for each recipient or group of recipients, in accordance with the Law on Personal Data Protection 2025 and Decree No. 13/2023/NĐ-CP. - Purposes of Personal Data Processing
NCS processes your Personal Data for the following purposes:
– Collecting information on potential candidates for recruitment needs;
– Reviewing and evaluating candidate applications;
– Conducting interviews and assessing interview results;
– Using Personal Data as input information upon the data subject’s recruitment by NCS;
– Sending notifications of suitable job opportunities or updates on recruitment processes (subject to your consent);
– Complying with legal obligations related to Personal Data protection and reporting to competent state authorities. - Rights and Obligations of the Personal Data Subject
6.1. Rights
Personal Data Subjects have the right to:
a) Be informed of Personal Data processing activities;
b) Consent or refuse consent, and withdraw consent to Personal Data processing;
c) Access, correct, or request correction of their Personal Data;
d) Request provision, deletion, restriction of processing, or object to the processing of Personal Data;
e) Lodge complaints, denunciations, initiate legal proceedings, or claim damages in accordance with law;
f) Request competent authorities or relevant organizations and individuals involved in Personal Data processing to apply measures to protect their Personal Data in accordance with law.
6.2. Obligations
Personal Data Subjects are obliged to:
a) Protect their own Personal Data;
b) Respect and protect the Personal Data of others;
c) Provide complete and accurate Personal Data in accordance with law, contracts, or consent given for processing;
d) Comply with laws on Personal Data protection and participate in preventing and combating acts infringing upon Personal Data. - Data Retention Period
Personal Data shall be retained from the time a recruitment relationship arises with NCS until you request deletion of your Personal Data or, in the event you are not recruited, unless otherwise agreed between the parties. If you become an employee of NCS, your Personal Data shall be retained in accordance with labor laws and other relevant regulations. - Reference Checks
NCS may conduct background checks directly or through third parties acting on its behalf. Such reference checks shall be limited to information regarding your previous employment or other scopes permitted by law and directly serving recruitment purposes. You represent and warrant that you have obtained all necessary consents from your referees for the provision of their information in your application dossier for NCS or its authorized parties to contact and verify such information. - Withdrawal of Consent
You may withdraw your consent to the continued use, disclosure, storage, and/or processing of your Personal Data at any time by contacting NCS at:
Email: hr@ncsgroup.vn
Telephone: +84 24 85 888 000
Upon withdrawal of consent, NCS will be unable to continue processing your application. Your application dossier may be deleted from the system, and the recruitment process will be terminated. This may result in your inability to participate in interviews, assessments, or receive recruitment results from NCS. Previously provided data shall no longer be used or processed for any purpose, unless otherwise required by law. - Risks and Security Measures
The Personal Data Subject acknowledges that despite the implementation of the most stringent security and management measures by the Personal Data Controller and/or Processor, risks such as cyberattacks or data breaches may still occur.
NCS commits to applying appropriate technical, organizational, and administrative measures to protect Personal Data, including data encryption, access control, system monitoring, and compliance with cybersecurity standards under the Law on Personal Data Protection 2025 and Decree No. 13/2023/NĐ-CP. In the event of incidents or force majeure circumstances, the Personal Data Subject understands that there may be risks of unlawful use of Personal Data, including fraud or other illegal activities by unauthorized users. NCS shall promptly notify you and the competent state authorities in such cases. - Consent Confirmation
By selecting the “Agree” checkbox or performing other verifiable electronic actions, you confirm that you have read, fully understood, and agreed to this Notice and consent to NCS processing your Personal Data in accordance with the scope, purposes, duration, and provisions set forth herein, in compliance with the Law on Personal Data Protection 2025 and Decree No. 13/2023/NĐ-CP.
This consent shall take effect from the time of confirmation and may be updated or amended to comply with new legal requirements. Any amendments shall be notified in advance, and your renewed consent shall be obtained prior to implementation.
