Skip to content
Start with us
center-gradient-cover-bg
right-gradient-cover-bg
background gradient desk
Policy Documents

Data Protection Policy

July 11, 2025

Share with:

PERSONAL DATA PROTECTION POLICY 

(Reference No.: 01-2026/CS/PDP – Version 2.0) 

1. Introduction

FPT Smart Cloud Company Limited (“FPT Smart Cloud”, “We”, “Us”) is committed to respecting and protecting the privacy and personal data of individuals and organizations when accessing and using our websites, platforms, and services. 

This Personal Data Protection Policy (“Policy”) is issued to: 

  • Ensure transparency in personal data processing activities; 
  • Safeguard the lawful rights and interests of Personal data subject matters; 
  • Comply with Vietnamese laws, including the Law on Personal Data Protection No. 91/2025/QH15, Decree No. 356/2025/ND-CP, and relevant implementing regulations; 
  • Align with international data protection standards. 

By accessing and using our platforms, you acknowledge that you have read, understood, and agreed to this Policy. 

2. Scope of Application

This Policy applies to all activities involving the collection and processing of personal data of: 

  • Customers; 
  • Website users; 
  • Partners; 
  • Individuals interacting or having contact with FPT Smart Cloud. 

This Policy applies across all channels, including but not limited to: 

  • Websites; 
  • Applications; 
  • Digital service platforms; 
  • Other online interaction channels. 

3. Definitions

For the purposes of this Policy: 

  • Personal data: Personal data refers to digital data or information in other forms that identifies or assists the identification of a specific individual, including basic personal data and sensitive personal data. Personal data, once de-identified, is no longer considered personal data. 
  • Personal data subject matters (or Data subject): Personal data subject matters refer to persons reflected in the personal data. 
  • Personal data processing: Personal data processing refers to activities impacting personal data, including one or more of the following: collection, analysis, summary, encryption, decryption, modification, deletion, destruction, de-identification, provision, disclosure, transfer of personal data, and other activities impacting personal data.. 
  • Personal data controlling party (or Data Controller): Personal data controlling party refers to an agency, organization, or individual that decides on the purposes and means of personal data processing. 
  • Personal data processing party (or Data Processor): Personal data processing party refers to an agency, organization, or individual processing personal data as requested by the personal data processing party or personal data processing and controlling party under a contract. 
  • Personal data processing and controlling party (or Data Controller and Processor): Personal data processing and controlling party refers to an agency, organization, or individual that decides on the purposes and means of personal data processing and directly processes personal data. 

Depending on specific circumstances, FPT Smart Cloud may act as a Personal data controlling party, Personal data processing party, or both Personal data processing and controlling party. 

4. Categories of Personaldatacollected 

4.1. Data provided by you 

Including but not limited to: 

  • Full name; 
  • Email address; 
  • Phone number; 
  • Company information; 
  • Content of communications and requests. 

4.2. Automatically collected data 

When you access our website: 

  • IP address; 
  • Device and browser type; 
  • Cookie data; 
  • Browsing behavior information. 

4.3. Data generated during service use 

  • System logs; 
  • Usage history; 
  • Platform interaction data. 

5. Purposes ofdataprocessing 

Personal data is processed for the following purposes: 

  • Providing, operating, and improving services; 
  • Establishing, performing, and managing contractual relationships; 
  • Receiving and handling requests and feedback; 
  • Ensuring safety and information security; 
  • Complying with legal obligations; 
  • Conducting analysis and research to enhance service quality; 
  • Carrying out marketing and communication activities with consent. 

FPT Smart Cloud commits not to use customer personal data to train artificial intelligence (AI) models without explicit consent or full anonymization. 

6. Legalbasis forprocessing 

We process personal data based on: 

  • Consent of the Personal data subject matter; 
  • Contractual obligations; 
  • Legal obligations under applicable laws; 
  • Legitimate interests of FPT Smart Cloud, provided such interests do not override the lawful rights and interests of the Personal data subject matter. 

7. Datasharing anddisclosure 

Personal data may be shared in the following cases: 

  • With affiliated companies and subsidiaries; 
  • With partners and service providers (e.g., cloud infrastructure providers, technical support); 
  • Upon request by competent state authorities; 
  • When necessary to protect the lawful rights and interests of FPT Smart Cloud. 

Recipients of data are obligated to maintain confidentiality and process data only for agreed purposes. 

8. Cross-borderdatatransfer 

As a principle, FPT Smart Cloud stores data within Vietnam. In cases where cross-border data transfer is required: 

  • We comply with Vietnamese legal regulations on data transfer; 
  • We conduct a Data Transfer Impact Assessment and submit the required dossier to the Department of Cybersecurity and High-Tech Crime Prevention (A05) under the Ministry of Public Security; 
  • We apply appropriate safeguards to ensure data security. 

9. Dataretentionperiod 

Personal data is retained for as long as necessary to fulfill the processing purposes or as required by law. 

After the retention period, data will be: 

  • Deleted; 
  • Anonymized; or 
  • Securely destroyed in accordance with internal procedures. 

10. Rights ofPersonal data subject matters

Personal data subject matters have rights under applicable laws, including: 

  • The right to be informed and to give consent; 
  • The right to access and correct data; 
  • The right to withdraw consent; 
  • The right to request deletion of data; 
  • The right to restrict or object to processing; 
  • The right to lodge complaints or initiate legal action. 

To exercise these rights, Personal data subject matters may contact us using the details provided in Section 13. 

FPT Smart Cloud will handle such requests within the timeframes required by applicable law. 

11. Personaldatasecurity 

We implement appropriate technical and organizational measures to protect personal data, including: 

  • Access control mechanisms; 
  • Data encryption; 
  • System monitoring; 
  • Prevention of unauthorized access; 
  • Staff training on information security. 

12. Personaldatabreach handling 

In the event of a personal data incident, FPT Smart Cloud will: 

  • Promptly detect and assess the incident; 
  • Apply necessary remedial measures; 
  • Notify competent authorities within 72 hours (or as required by law); 
  • Notify affected Personal data subject matters when necessary. 

13. Contactinformation

For any requests or inquiries regarding personal data, please contact: 

Data Protection Officer (DPO) 
FPT Smart Cloud Company Limited 

Address: No. 10 Pham Van Bach Street, Cau Giay Ward, Hanoi, Vietnam 

Email: Minhpt@fpt.com 

Phone: 0913571357 

Hotline: 1900638399 

14. Implementation Provisions

This Policy may be amended or supplemented from time to time to ensure compliance with legal requirements and operational practices. 

This Policy takes effect from the date it is officially published on the FPT Smart Cloud website.