www.fpt-software.com
2606:4700::6812:1197

Submitted URL: https://blog.fpt-software.com/e3t/Ctc/5C+113/cDx7K04/VVZQXJ70nlwdW6F7qlg9gGdlcW7Pgndt4Kc5hWN3DlwF_3q3nJV1-WJV7CgNSmW1P3rJn3Vdy...
Effective URL: https://www.fpt-software.com/data-protection-policy/?utm_campaign=Inside%20Sale&utm_medium=email&_hsmi=213011861&_hsenc=p2ANq...
Submission: On May 18 via api from SG — Scanned from DE

Form analysis 2 forms found in the DOM

GET https://www.fpt-software.com/

<form method="get" id="mega_main_menu_searchform" action="https://www.fpt-software.com/">
  <i class="im-icon-search-3 icosearch"></i>
  <input type="submit" class="submit" name="submit" id="searchsubmit" value="Search">
  <input type="text" class="field" name="s" id="s">
</form>

GET https://www.fpt-software.com/

<form class="search-form" itemprop="potentialAction" itemscope="" itemtype="https://schema.org/SearchAction" method="get" action="https://www.fpt-software.com/" role="search">
  <meta itemprop="target" content="https://www.fpt-software.com/?s={s}"><input itemprop="query-input" type="search" name="s" placeholder="Search this website …"><input type="submit" value="Search">
</form>

Text Content


DATA PROTECTION POLICY


ABOUT FPT SOFTWARE

FPT Corporation is a leading global technology and IT services provider
headquartered in Vietnam, with nearly US$1.3 billion in revenue and 30,000
employees in 26 countries. As a pioneer in digital transformation, FPT delivers
world-class services in Smart factory, Digital platforms, RPA, AI, IoT,
Enterprise Mobility, Cloud, AR/VR, Business Applications, Application Services,
BPO, and so on. The company has served 700+ customers worldwide, a hundred
of which are Fortune Global 500 companies in the industries of Aerospace &
Aviation, Automotive, Banking and Finance, Logistics & Transportation, Utilities
and more.


1.     INTRODUCTION

The Corporate Data Protection Policy of FPT Software Company, Ltd. (hereinafter
“FPT Software”) lays out strict requirements for processing personal data
pertaining to customers, business partners, employees or any other individual.
It meets the requirements of the European Data Protection Directive and ensures
compliance with the principles of national and international data protection
laws in force all over the world. The policy sets a globally applicable data
protection and security standard for FPT Software and regulates the sharing of
information between FPT Software, subsidiaries, and legal entities. FPT Software
has established guiding data protection principles – among them transparency,
data economy and data security – in the FPT Software Personal Data Protection
Handbook and ISM guidelines.

FPT Software managers and employees are obligated to adhere to the Corporate
Data Protection Policy and observe their local data protection laws. As the
Global Data Protection Officer, it is my duty to ensure that the rules and
principles of data protection at FPT Software are followed around the world.

I will be pleased to answer any questions you have about data protection and
international personal data transfer.

Michael Hering
Global Data Protection Officer, michael.hering@fsoft.com.vn, +84 902606236

 

1.1    PURPOSE

This Data Protection Policy applies worldwide to FPT Software, subsidiaries as
well as legal entities and is based on globally accepted, basic principles of data
protection. Ensuring data protection is the foundation of trustworthy business
relationships and the reputation of FPT Software as a first-class employer.

The Data Protection Policy provides one of the necessary framework conditions
for cross-border data transfer among FPT Software, subsidiaries, and legal
entities. It ensures an adequate level of data protection prescribed by the
European Union General Data Protection Regulation, APPI, PDPA or other national
Personal Data Protection Regulations and national laws for cross-border data
transmission, including to countries which do not yet have adequate data
protection law.

In order to standardize the collection, processing, transfer, and use of
personal data, and promote the reasonable, lawful, fair and transparent use
of personal data to prevent personal data from being stolen, altered, damaged,
lost or leaked, FPT Software establishes the personal data protection
management policy and information security policies.



 

1.2     APPLICATION SCOPE

See Policy_PIMS Scope_v1.1

 

1.3    APPLICATION OF NATIONAL LAWS

This Data Protection Policy comprises the internationally accepted data privacy
principles without replacing the existing national laws. It supplements the
national data privacy laws. The relevant national law will take precedence in
the event that it conflicts with this Data Protection Policy, or it has stricter
requirements than this Policy. The content of this Data Protection Policy must
also be observed in the absence of corresponding national legislation. The
reporting requirements for data processing under national laws must be observed.

Each subsidiary or legal entity of FPT Software is responsible for compliance
with this Data Protection Policy and the legal obligations. If there is reason
to believe that legal obligations contradict the duties under this Data
Protection Policy, the relevant subsidiary or legal entity must inform the
Global Data Protection Officer. In the event of conflicts between national
legislation and the Data Protection Policy, FPT Software, in the person of the
Global Data Protection Officer, will work with the relevant subsidiary or legal entity
of FPT Software to find a practical solution that meets the purpose of the Data
Protection Policy.





 


2.     POLICY

2.1      GUIDING PRINCIPLES

Principle 1:  Personal data shall be processed lawfully, fairly and in a
transparent manner in relation to the data subject (lawfulness, fairness and
transparency). Collection, processing, transfer, and use of personal data in an
illegal way or non-administrative business operations are strictly prohibited.

Principle 2: Processing of personal data only where this is strictly necessary
for legal and regulatory purposes, or for legitimate organizational purposes.

Collection only for specified, explicit and legitimate purposes and not further
processed in a manner that is incompatible with those purposes (purpose
limitation).

Principle 3: Processing only of the minimum of personal information required for
these purposes. Adequate, relevant, and limited to what is necessary in relation
to the purpose for which they are processed (data minimization).

FPT Software will only collect, process, transfer, and use the personal data
provided by parties within the scope of laws, regulations, and business
requirements, and will take appropriate and reasonable measures to handle and
use the personal data within the necessary and reasonable scope.

Principle 4: Providing clear information to data subjects (including children)
about how their personal information is used and by whom.

Principle 5: Ensuring special safeguards, if collecting information directly
from children.

Principle 6: Only processing relevant and adequate personal information.
Accurate and, where necessary, kept up to date; every reasonable step must be
taken to ensure that personal data that are inaccurate, having regard to the
purpose for which they are processed, are erased, or rectified without delay
(accuracy).

Principle 7: Maintaining a documented inventory of the categories of personal
information processed by FPT Software.

Principle 8: Retaining personal information only for as long as is necessary for
legal or regulatory reasons or for legitimate organizational purposes and
ensuring timely and appropriate disposal (storage limitation).

Principle 9: Respecting data subject rights in relation to their personal
information.



 

Principle 10: Processing in a manner that ensures appropriate security of
personal data, including protection against unauthorized or unlawful processing
and against accidental loss, destruction, or damage, by using appropriate
technical or organizational measures. (Integrity and confidentiality)

Principle 11: GDPR and other national and international laws restrict the
transfer of personal data to countries, for example those outside the EEA or relevant
countries. These restrictions apply to all transfers, no matter the size of
transfer or how often you carry them out, unless the rights of the individuals
in respect of their personal data are protected in another way. Only
transferring personal data if it is subject to ‘appropriate safeguards’, which
are listed in the GDPR or other national and international laws.

Principle 12: The appropriate safeguards used are Standard Data Protection Clauses
adopted by the Commission. The clauses contain contractual obligations on the
data exporter and the data importer, and rights for the individuals whose
personal data is transferred. Individuals can directly enforce those rights
against the data importer and the data exporter. SCC must be used in their
entirety and without amendment.

Principle 13: Developing and implementing a PIMS to enable the PIMS policy to be
implemented.

Principle 14: Identification of people/employees with specific responsibility
and accountability for the PIMS. Implementation of a strong governance including
a Global Data Protection Officer.

Principle 15: Maintain records of processing of personal information.

FPT Software employees who breach these principles are fined based on the labor
contract regulations.



 

2.2       CUSTOMER AND PROVIDER DATA (3RD PARTY)

2.2.1        DATA PROCESSING FOR A CONTRACTUAL RELATIONSHIP

Personal data of customers and providers (3rd party) can be processed in order
to establish, execute and terminate a contract. Prior to a contract – during the
contract initiation phase – personal data can be processed to prepare bids or
purchase orders or to fulfill other requests that relate to contract conclusion.
Customers or providers can be contacted during the contract preparation process
using the information that they have provided. Any restrictions requested by
customers or providers must be complied with.

 

2.2.2       CONSENT TO DATA PROCESSING

Data can be processed following consent by the data subject. Before giving
consent, the data subject must be informed in accordance with this Data
Protection Policy. The declaration of consent must be obtained in writing or
electronically for the purposes of documentation. In some circumstances, such as
telephone conversations, consent can be given verbally. The granting of consent
must be documented.

 

2.2.3       DATA PROCESSING PURSUANT TO LEGAL AUTHORIZATION

The processing of personal data is also permitted if national legislation
requests, requires or allows this. The type and extent of data processing must
be necessary for the legally authorized data processing activity and must comply
with the relevant statutory provisions.

 

2.2.4       DATA PROCESSING PURSUANT TO LEGITIMATE INTEREST

Personal data can also be processed if it is necessary for a legitimate interest
of FPT Software. Legitimate interests are generally of a legal (e.g., collection
of outstanding receivables) or commercial nature (e.g., avoiding breaches of
contract). Personal data may not be processed for the purposes of a legitimate
interest if, in individual cases, there is evidence that the interests of the
data subject merit protection, and that this takes precedence. Before data is
processed, it is necessary to determine whether there are interests that merit
protection.

 

2.2.5       USER DATA AND INTERNET

If personal data is collected, processed, and used on websites or in apps, the
data subjects must be informed of this in a privacy statement and, if
applicable, information about cookies. The privacy statement and any cookie
information must be integrated so that it is easy to identify, directly
accessible and consistently available for the data subjects.

If use profiles (tracking) are created to evaluate the use of websites and apps,
the data subjects must always be informed accordingly in the privacy statement.

If websites or apps can access personal data in an area restricted to registered
users, the identification and authentication of the data subject must offer
sufficient protection during access.

 

2.3       EMPLOYEE DATA

2.3.1       DATA PROCESSING FOR THE EMPLOYMENT RELATIONSHIP

In employment relationships, personal data can be processed if needed to
initiate, carry out and terminate the employment agreement. When initiating an
employment relationship, the applicants’ personal data can be processed. If the
candidate is rejected, his/her data must be deleted in observance of the
required retention period, unless the applicant has agreed to remain on file for
a future selection process. Consent is also needed to use the data for further
application processes or before sharing the application with other FPT Software
legal entities.

In the existing employment relationship, data processing must always relate to
the purpose of the employment agreement if none of the following circumstances
for authorized data processing apply.

If it should be necessary during the application procedure to collect
information on an applicant from a third party, the requirements of the
corresponding national laws must be observed. In cases of doubt, consent must be
obtained from the data subject.

There must be a legal authorization to process personal data that is related to
the employment relationship but was not originally part of performance of the
employment agreement. This includes legal requirements, collective regulations
with employee representatives, consent of the employee, or the legitimate
interest of the company.

 

2.3.2       DATA PROCESSING PURSUANT TO LEGAL AUTHORIZATION

The processing of personal employee data is also permitted if national
legislation requests, requires or authorizes this. The type and extent of data
processing must be necessary for the legally authorized data processing activity
and must comply with the relevant statutory provisions. If there is some legal
flexibility, the interests of the employee that merit protection must be taken
into consideration.

 

2.3.3       COLLECTIVE AGREEMENTS ON DATA PROCESSING

If a data processing activity exceeds the purposes of fulfilling a contract, it
may be permissible if authorized through a collective agreement. Collective
agreements are pay scale agreements or agreements between employers and employee
representatives, within the scope allowed under the relevant employment law. The
agreements must cover the specific purpose of the intended data processing
activity and must be drawn up within the parameters of national data protection
legislation.

 

2.3.4       CONSENT TO DATA PROCESSING

Employee data can be processed upon consent of the person concerned.
Declarations of consent must be submitted voluntarily. Involuntary consent is
void. The declaration of consent must be obtained in writing or electronically
for the purposes of documentation. In certain circumstances, consent may be
given verbally; in this case it must be properly documented. In the event of
informed, voluntary provision of data by the relevant party, consent can be
assumed if national laws do not require express consent. Before giving consent,
the data subject must be informed in accordance with this Data Protection
Policy.

 

2.3.5       DATA PROCESSING PURSUANT TO LEGITIMATE INTEREST

Personal data can also be processed if it is necessary to enforce a legitimate
interest of FPT Software. Legitimate interests are generally of a legal (e.g.,
filing, enforcing or defending against legal claims) or financial (e.g.,
valuation of companies) nature.

Personal data may not be processed based on a legitimate interest if, in
individual cases, there is evidence that the interests of the employee merit
protection. Before data is processed, it must be determined whether there are
interests that merit protection.

Control measures that require processing of employee data can be taken only if
there is a legal obligation to do so or there is a legitimate reason. Even if
there is a legitimate reason, the proportionality of the control measure must
also be examined. The justified interests of the company in performing the
control measure (e.g., compliance with legal provisions and internal company
rules) must be weighed against any interests meriting protection that the
employee affected by the measure may have in its exclusion, and the measure
cannot be performed unless appropriate. The legitimate interest of the company and any
interests of the employee meriting protection must be identified and documented
before any measures are taken. Moreover, any additional requirements under
national law (e.g., rights of co-determination for the employee representatives
and information rights of the data subjects) must be taken into account.

 

2.3.6       TELECOMMUNICATIONS AND INTERNET

Telephone equipment, e-mail addresses, intranet, and internet along with
internal social networks are provided by the company primarily for work-related
assignments. They are company tools and company resources. They can be used
within the applicable legal regulations and internal company policies. In the
event of authorized use for private purposes, the laws on secrecy of
telecommunications and the relevant national telecommunication laws must be
observed if applicable.

There will be no general monitoring of telephone and e-mail communications or
intranet/internet use. To defend against attacks on the IT infrastructure or
individual users, protective measures can be implemented for the connections to
the FPT Software network that block technically harmful content or that analyze
the attack patterns. For security reasons, the use of telephone equipment,
e-mail addresses, the intranet/internet and internal social networks can be
logged for a temporary period. Evaluations of this data from a specific person
can be made only in a concrete, justified case of suspected violations of laws
or policies of FPT Software. The evaluations can be conducted only by
investigating departments while ensuring that the principle of proportionality
is met. The relevant national laws must be observed.

 

2.4       POLICY REVIEW AND EVALUATION

This policy must be reviewed and evaluated twice a year to reflect the latest
status of international standards, legal regulations, technologies, and
businesses, and to ensure the timeliness of personal data management practices
(see Guideline_Personal Data Protection Policy Development_v2.2).

 

2.5       ANNOUNCE AND RELEASE

This policy is based on an announcement process that will enable personnel to
understand the relevant principles and provisions of the personal data
protection management policy so that they can follow it.

This policy must be revised and reviewed by the Personal Data Protection Working
Group, approved by the Global Data Protection Officer and the responsible FPT
Software board member (CFO). The Global Data Protection Officer is responsible
for implementation and internal audits.

 


3.     DATA PROTECTION CONTROL

Compliance with the Data Protection Policy and the applicable data protection
laws is checked annually with data protection audits and other controls. The
performance of these controls is the responsibility of the Data Protection
Representatives. The results of the data protection controls must be reported to
the Global Data Protection Officer and the responsible FPT Software board member
(CFO). On request, the results of data protection controls will be made
available to the responsible data protection authority. The responsible data
protection authority can perform its own controls of compliance with the
regulations of this Policy, as permitted under national law.

 


4.     PERSONAL DATA PROTECTION TRAINING

Every new employee must attend the first-day Personal Data Protection training.

For every employee processing personal data, it is mandatory to join the
Personal Data Protection training on e-campus (FPT Software Training Platform)
including a successful exam before starting personal data processing. An
annual refresher training is also mandatory.

For every PM, DM, SDM, team lead involved in processing of personal data, it is
mandatory to join the extended Personal Data Protection training on e-campus
(FPT Software Training Platform) including a successful exam before starting
personal data processing. An annual refresher training is also mandatory (see
Policy_Personal Data Protection Training_v1.2).

FPT Software VN will provide a downloadable version of all training material to each
FPT Software legal entity and subsidiary.

 


5.     GLOBAL DATA PROTECTION OFFICER

The Global Data Protection Officer, being internally independent of professional
orders, works towards compliance with national and international data
protection regulations. He is responsible for the Data Protection Policy and
supervises its compliance. The Global Data Protection Officer is appointed by
the FPT Software Board.

The data protection representatives shall promptly inform the Global Data
Protection Officer of any data protection risks.

Any data subject may approach the Global Data Protection Officer, or the
relevant data protection representative, at any time to raise concerns, ask
questions, request information, or make complaints relating to data protection
or data security issues. If requested, concerns and complaints will be handled
confidentially.

If the data protection representative in question cannot resolve a complaint or
remedy a breach of the Policy for data protection, the Global Data Protection
Officer must be consulted immediately. Decisions made by the Global Data
Protection Officer to remedy data protection breaches must be upheld by the
management of the company in question. Inquiries by supervisory authorities must
always be reported to the Global Data Protection Officer (see Template_DPO Job
Description_v1.1).

Contact details for the Global Data Protection Officer and staff are as follows:
FPT Software Company, Ltd.
Global Data Protection Officer, Michael Hering
F-Town Building 3, Saigon Hi-Tech Park, Lot T2, D1 Street, Tan Phu Ward, Thu Duc
City,
Ho Chi Minh City, Vietnam
Cell: +84 90 2606236
E-mail: michael.hering@fsoft.com.vn

 


6.     RESPONSIBILITIES AND DISCIPLINARY

The executive bodies of FPT Software, subsidiaries and legal entities are
responsible for data processing in their area of responsibility. Therefore, they
are required to ensure that the legal requirements, and those contained in the
Data Protection Policy, for data protection are met (e.g., national reporting
duties). FSU leads, OB heads and managing directors of a legal entity are
responsible for ensuring that organizational, HR and technical measures are in
place so that any data processing is carried out in accordance with data
protection. Compliance with these requirements is the responsibility of the
relevant employees. If external agencies perform data protection controls, the
Global Data Protection Officer must be informed immediately.

The relevant FSU leads, OB heads or managing directors of a legal entity must
inform the Global Data Protection Officer as to the name of their data
protection representative. The data protection representatives are the contact
persons on site for data protection. They must perform checks and must
familiarize the employees with the content of the data protection policies. The
relevant management is required to assist the Global Data Protection Officer and
the data protection representatives with their efforts. FSUs, OBs or legal
entities must inform the data protection representatives in good time about new
processing of personal data. For data processing plans that may pose risks to
the individual rights of the data subjects, the Global Data Protection Officer
must be informed before processing begins. This applies in particular to
extremely sensitive personal data. The managers must ensure that their employees
are sufficiently trained in data protection (annual awareness training with
exam, extended training for PM, DM, BU leads).

Improper processing of personal data, or other violations of the data protection
laws, can be criminally prosecuted in many countries, and result in claims for
compensation of damage. Violations for which individual employees are
responsible can lead to sanctions under employment law.

If you do not understand the implications of this policy or how it may apply to
you, seek advice from the GDPO via the phone or email (Michael Hering, phone:
+84902606236, email: michael.hering@fsoft.com.vn).

 


7.      SUPPLEMENTARY GUIDELINES AND DOCUMENTS

PDP Handbook V3.2

Policies:

 * Policy_PDP Training V1.2
 * Policy_Privacy Statement_v1.1
 * Policy_PIMS Scope_v1.1

Guidelines:

 * Guideline Personal Data Retention V3.2
 * Guideline Policy Development V2.2
 * Guideline Personal Data Protection Organization V3.2
 * Guideline Personal Data Protection Management Audit V2.2
 * Guideline Complaints and Appeals Handling V3.2
 * Guideline data breach incident V3.2
 * Guideline Personal Data Inventory Management V3.2
 * Guideline data flow mapping V2.2
 * Guideline Risk Management DPIA V2.2
 * Guideline PII Classification and Rating V3.2

Templates:

 * Template_DS Consent Withdrawal Form_v1.1
 * Template_retention schedule_V1.1
 * Template_audit checklist short_V1.1
 * Template_internal competence matrix_V1.1
 * Template_privacy notice register_V1.1
 * Template_DP Job Description and Responsibilities_v1.1
 * Template_DPO Job Description_v1.1
 * Template_DS request_incident_compliant_appeal_register-DP_V1.2
 * Template_Rationale DPO_v1.1
 * Template_Parental Consent Withdrawal Form_v1.1
 * Template_Data Subject Right Request Form_v2.2
 * Template_Parental Consent Form_v1.1
 * Template_Data Subject Consent Form_v2.2
 * Template Personal Data Processing Inventory V2.5
 * Template Standard Contractual Clauses V2.2
 * Template Personal Data Protection Exhibit V1.3
 * Template Personal Data Protection Management Amendment V2.1
 * Template risk management DPIA V3.2
 * Checklist Before Engagement V3.1
 * Template Privacy Impact Analysis & Risk Management V1.6
 * Template Data Processing Agreement V1.1
 * Template_Non Conformance Report_v1.0
 * Template_Internal Audit Report_v1.0
 * Template_Internal Audit Schedule_v1.0

Procedures:

 * Procedure_ds_access request_V1.1
 * Procedure_consent withdrawal_V1.1
 * Procedure_Data Protection Impact Assessment_V1.1
 * Procedure_Personal Data Breach Notification_V1.1
 * Procedure_personal data transfer_V1.1
 * Procedure_data portability_V1.1
 * procedure_third party service cobtracts_V1.1
 * Procedure_sub contracted processing_V1.1
 * Procedure_DP management review_V1.1
 * Procedure_Retention of Records_V1.1
 * Procedure_Continual Improvement_v1.0
 * Procedure_Internal Audit_v1.0

Records:

 * Record_DP contacts_V1.1
 * Record_internal contracts_V1.1
 * Record_authorities_Key-Supplier_V1.1

Every FPT Software employee can find these guidelines and templates on the
QMS platform.




 


8.     EXCEPTION

Any exception must be reviewed and approved by the Global Data Protection
Officer and also approved by the responsible board member of FPT Software
(CFO)/Managing Director of a Subsidiary Company/Legal Entity.




 


9.     APPENDIXES

9.1       DEFINITION

| Abbreviation | Description |
|---|---|
| PII, Personal Identifiable Information, Personal Data | Refers to personal data as defined by the EU GDPR (Article 4 (1)): ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
| Data Subject | EU GDPR (Article 4 – 1): Data subject refers to any individual person who can be identified, directly or indirectly. |
| Data Controller | EU GDPR (Article 4 – 7): Data Controller means the natural or legal person, public authority, agency or any body which, alone or jointly with others, determines the purpose and means of processing of personal data; where the purpose and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. |
| Data Processor | EU GDPR (Article 4 – 8): Data Processor means a natural or legal person, public authority, agency or any body which processes data on behalf of the controller. |
| Recipient | EU GDPR (Article 4 – 9): A natural or legal person, public authority, agency or any body to which the personal data are disclosed, whether third party or not. |
| Third Party | EU GDPR (Article 4 – 10): A natural or legal person, public authority, agency or any body other than the data subject, controller, processor and persons who, under direct authority of controller or processor, are authorized to process personal data. |
| DPO/GDPO | Data Protection Officer/Global Data Protection Officer |
| DPIA | Data Protection Impact Assessment |
| PIMS | Personal Information Management System |
| EU | European Union |



 

9.2       RELATED DOCUMENTS

| No | Code | Name of documents |
|---|---|---|
| 1 | EU GDPR | EU General Data Protection Regulation |
| 2 | 95/46/EC | EU Data Protection Directive 95/46/EC |
| 3 | Privacy shield | EU-U.S. and Swiss-U.S. Privacy Shield Frameworks designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. |
| 4 | APPI | Act on the Protection of Personal Information, Japan. It came into force on 30 May 2017. |
| 5 | PDPA | Personal Data Protection Act 2012, Singapore |
| 6 | PDPO | Personal Data (Privacy) Ordinance, Hongkong, 2012 |
| 7 | PIPA | South Korea’s substantial Personal Information Protection Act (PIPA) was enacted on Sept. 30, 2011 |
| 8 | PIPEDA | Personal Information Protection and Electronic Documents Act, Canada 2018 |
| 9 | Privacy Act, APPs, CDR | Privacy act Australia including Australian Privacy Principles, Consumer Data Right |
| 10 | HITRUST | Health Information Trust Alliance (CSF, Common Security Framework) |
| 11 | HIPAA | Health Insurance Portability and Accountability Act of 1996 (HIPAA), US |
| 12 | PCI DSS | Payment Card Industry Data Security Standard, May 2018 |
| 13 | CCPA | California Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100 et seq. |
| 14 | PDPL, UAR | Decree-Law No. 45 of 2021 |
| 15 | BS10012: 2017 | British Standard Personal Information Management System |
| 16 | Vietnamese laws on Privacy | Article 21 of the 2013 Constitution; Article 38 of the Civil Code 2015; Article 125 of the Penal Code; Clause 2 of Article 19 of the Labor Code; Decree of the Vietnamese Government: Nghị Định Quy Định Về Bảo Vệ Dữ Liệu Cá Nhân (Decree on Personal Data Protection) |
| 17 | FPT Software Personal Data Protection Handbook | PDP_ Handbook_Version_V3.2 |


Copyright © 2021 FPT Software.
