Handling of Personal Information
(1) Purpose of Use of Retained Personal Data
As stated in Section 1 (1) - (8) above.
(2) Procedures for Requests for Disclosure, Correction, Deletion, Suspension of Use, or Suspension of Provision to Third Parties
For personal data retained by the Company, when a request is made for notification of the purpose of use, disclosure, correction, addition, deletion, suspension of use, erasure, or suspension of provision to a third party (collectively referred to as “requests for disclosure, etc.”), or for disclosure of records of provision to third parties, the Company will respond promptly and appropriately.
For details on the specific procedures for submitting such requests (including the contact point, application form, and identity verification process), please contact the department listed in Section 4 below.
Về quy trình cụ thể để thực hiện yêu cầu công khai, v.v. (bao gồm nơi tiếp nhận, mẫu đơn, xác minh danh tính…), xin vui lòng liên hệ tới bộ phận được ghi tại Mục 4 dưới đây.
(3) Contact Point for Complaints Related to the Handling of Retained Personal Data
For any complaints regarding the handling of retained personal data by the Company, please contact the department listed in Section 4 below.
(4) Safety Management Measures for Retained Personal Data
The Company implements necessary and appropriate measures to ensure the safe management of retained personal data, taking into full consideration the conditions of the external environment.
| Organizational Safety Management Measures | The Company has established an appropriate organizational structure and operates in compliance with internal regulations concerning the handling of personal data. It monitors the status of personal data processing, maintains a response framework in the event of data leakage or related incidents, and regularly reviews and improves its handling procedures and safety management measures. |
|---|---|
| Personnel Safety Management Measures | The Company conducts regular training and awareness programs for employees regarding proper handling of personal data. In addition, employees are required to sign confidentiality agreements, which include clauses pertaining to the protection and non-disclosure of personal data. |
| Physical Safety Management Measures | The Company implements necessary measures to control access to areas where personal data is processed, prevent theft or loss of devices and electronic media, and protect information during the transfer of such devices. Furthermore, it ensures the secure deletion of data and safe disposal of devices and electronic media. |
| Technical Safety Management Measures | The Company employs access control, authentication, and user identification mechanisms for its information systems. It also takes preventive measures against unauthorized external access and safeguards information from leakage during system use. |
(5) Outsourcing of Personal Data Processing
In certain cases, the Company may entrust the processing of personal data to third parties. When doing so, the Company exercises necessary and appropriate supervision to ensure that the entrusted parties implement adequate measures for the secure management of personal data.
3. Basic Policy on Information Security
| 01 | The Company gives top priority to implementing preventive measures to protect clients’ information assets, ensuring the prevention of loss, damage, falsification, or leakage. |
|---|---|
| 02 | The Company applies appropriate security measures to its own information assets, based on their level of importance, while maximizing their operational and strategic value. |
| 03 | The Company has established a Risk Management Committee and appointed Information Security Managers in each department to create a comprehensive organizational framework for implementing, operating, and promoting information security measures. |
| 04 | The Company conducts regular training and awareness programs for all employees, including part-time staff, to ensure full understanding and compliance with the Information Security Policy. All personnel involved in handling information assets bear the obligation and responsibility to adhere to this policy. |
| 05 | The Company regularly evaluates information asset risks from multiple perspectives, taking into account technological advancements and changes in the business environment. The results of these assessments are reflected in policies and countermeasures to maintain and strengthen information security. |
| 06 | The Company conducts periodic audits on the implementation of information security measures. When any issues are identified, immediate corrective actions are taken to ensure effective security management. |
| 07 | The Company is committed to maintaining order in the digital and internet environment, contributing to the healthy development of a secure and responsible digital society. |
| 08 | The Company complies with all applicable laws, regulations, and standards related to information security. |
| 09 | The Company has established, implemented, and maintains an Information Security Management System (ISMS), and continually reviews and improves it to enhance its ability to respond effectively to information security risks. |
4. Contact for Inquiries Regarding the Handling of Personal Information
SanAn Corporation
Personal Information Protection Manager:
Chief Executive Officer – Lê Anh Tuấn
Tel: (+84) 24-3206-5683
E-mail: security@sanancorp.com