EN
Dropdown
EN VN
Menu Mobile
Submit
Submitted Thank you for requesting an appointment at . Please be informed that your requested appointment is subject to availability. We will contact you within 24 hours to confirm your appointment.

DATA PRIVACY POLICY

Hoan My Medical Corporation is committed to protecting the private information of our customers. Please read the “ Data Privacy Policy” (the “Policy”) below to better understand the commitments we make to respect and protect the rights and interests of visitors:

1. OVERVIEW

At Hoan My, we consider your personal data a valuable asset and are committed to protecting your privacy seriously. This Policy is established to help you understand how we collect, process, use, share, and protect your personal data. At the same time, this Policy also provides information about your rights regarding your personal data and how you can exercise such rights.

In certain specific cases, we may issue additional privacy notices, which are applicable to separate channels, products, services, entities, or activities. These notices will supplement or further clarify the contents presented in this Privacy Policy.

In this Privacy Policy, “we,” “us,” or “our” refers to Hoan My Medical Corporation and/or any member entity within the Hoan My Medical Corporation, including subsidiaries, branches, clinics, hospitals, pharmacies, representative offices, and other entities operating under the Hoan My brand (“Hoan My Medical Corporation” or “Hoan My”) that have the right to access, process, and decide on the use of your personal data.

Please refer to the ‘Contact Information’ section of this Privacy Policy for our contact details. This Privacy Policy does not apply to third-party websites where our online advertisements are displayed or linked third-party websites that we do not operate or control. These websites should have their own privacy notices/policies that you can read to understand how they collect and process your personal data and your rights.

To the maximum extent permitted by law, we will not be responsible for the actions of others, nor for omissions, data policies, or the use of cookies, as well as the contents or security of any other party websites, applications, or platforms, even if our online advertisements are displayed on third-party websites or on linked third-party websites.

This Policy may be updated from time to time to reflect changes in our personal data processing activities or as required by law. The most recent date of update to the Policy will be clearly stated at the end of the document. We will notify you and, if necessary, obtain your valid consent and/or the consent of your parents or legal guardian (hereinafter collectively referred to as “parents”) before applying these changes. If you have any questions or requests related to personal data processing, please refer to the “Contact Information” section for assistance.

2. SOURCE AND METHODS OF PERSONAL DATA COLLECTION

Hoan My collects your personal data from various sources to ensure service delivery and enhance user experience. Specifically:

1. Direct collection from you

  • When you register, fill out medical forms, or provide information on websites, applications, and digital platforms managed by Hoan My;
  • When you use medical services at Hoan My facilities (examinations, treatments, performance of medical procedures, tests, and monitoring using medical devices);
  • When you make payments or provide information for payment purposes;
  • When you interact with us via telephone, email, apps, or social media;
  • When your image is recorded by the camera system at Hoan My facilities.

2. Indirectly collected from related parties

  • A relative, or a person you designate, such as a parent, spouse, child, sibling, or guardian;
  • Legal representatives, or parties authorized to act on your behalf;
  • Businesses, or organizations related to you, such as your employer or the company that you represent;
  • Other healthcare providers, insurance companies, or service providers affiliated with Hoan My at the written request of the data subject;
  • Corporate clients, where you benefit from Hoan My’s contracted services with that organization;
  • Government or regulatory agencies, including the Ministry of Health, Department of Health, and other relevant authorities;
  • Member entities or partners within Hoan My Medical Corporation at the written request of the data subject;
  • Lawful public sources, such as public databases, social media, and online publications.

3. Data collection using automated techniques
During your access and use of the online platforms or services, Hoan My’s systems may automatically record:

  • IP address, device type, browser type, operating system, and display language;
  • Time, history and frequency of access, number of pages viewed, links clicked, and usage duration;
  • Location data and other behavioral information.
  • In addition, Hoan My may use cookies and similar technologies to identify you, store preferences, improve service quality, personalize content, and secure your account.

4. Additional sources

  • Personal data from employees, job applicants, contractors, partners, and subcontractors.

You are responsible for providing complete, accurate, and lawful personal information when subscribing to or using services. If you provide personal data of others, you must ensure that you have obtained their lawful consent and clearly inform them of how Hoan My will use such information. Hoan My shall not be liable for any legal consequences, losses, or disputes arising from your provision of inaccurate, incomplete, or unlawful information.

3. TYPE OF PERSONAL DATA TO BE COLLECTED AND PROCESSED

Personal data means any information that can be used to identify you or is related to you. This information may exist in digital form or other formats.

Depending on whether you are a customer, a related person, or a representative of a customer, as well as the extent to which it is permitted by law, we may collect various types of personal data. These types of data reflect common identity and background elements that you frequently use in transactions and social relationships:

  • Identification data – information that identifies you. For example: your full name, middle name, birth name, gender, other name, date of birth, date of death or disappearance, place of birth, place of birth registration, photos and diagnostic images, surveillance camera footage and video recordings, and other identifiers, including official/government-issued identifiers, such as ID number, passport number, tax code, driver’s license number, vehicle registration number, social insurance number, health insurance card number, and nationality.
  • Contact data – information that allows us to resolve issues, send or deliver messages to you. For example: email address, telephone number or mobile phone number, residential or business address, permanent residence, temporary residence, current residence, hometown, and contact address.
  • Usage behavior data – information related to your behavior, activities, or actions, both online and offline. For example: your browsing behavior and the way that you interact with our online products and services or those provided by third-party organizations, such as our advertising partners and social media companies.
  • Personal relationship data – information about associations or close relationships between individuals or organizations that may identify you. For example: marital status, parents, children, spouse, or employment relationships.
  • Communication data – information related to you contained in voice recordings, text messages, emails, and other communications that we have with you. For example: service orders and digital information, such as personal data reflecting your activities and history in cyberspace.

We may from time to time need to collect sensitive personal data from you, but we will only do so if it is necessary and with your consent and/or the consent of your parents, or when permitted by law. Sensitive personal data refers to personal data related to privacy that, if violated, may directly affect an individual’s legitimate rights and interests, including:

  • Geolocation data – information that provides or contains the location of a device.
  • Racial or ethnic origin data – information that reveals your racial or ethnic origin.
  • Religious or philosophical belief data – information that reveals your religious or philosophical beliefs.
  • Biometric data – information that physically identifies you.

For example: facial recognition information, fingerprint or voice identification.

  • Data about your sex life, personal sexual orientation.
  • Information about your genetic characteristics.
  • Professional and employment data – information about your education, employment, workplace, and professional expertise.
  • Bank account information data.
  • Health and privacy data – information related to your health.

For example: health insurance information, medical history, tests and test result reports, diagnoses, treatments, prescriptions, mental health status and assessments, genetic information and test results, doctor’s notes on your symptoms and diagnoses, bills and medical and pharmaceutical bills, lab reports, health check forms and records, dental records, vision test records, health insurance claims, x-rays, photos of your health condition, videos of you undergoing surgical procedures, family medical history, and other personal health-related information.

4. PERSONAL DATA COLLECTION AND PROCESSING PURPOSES

4.1 Overview

We collect and use your personal data to provide medical services, operate digital platforms (including websites and mobile applications), maintain and develop customer relationships, and ensure the efficient operation of Hoan My’s service and management systems.

If you own or are linked to multiple member accounts within the Hoan My Medical Corporation, we may link these accounts to create a comprehensive view of the customer relationship, helping us serve you better.

The use of your personal data is carried out solely for lawful purposes, in accordance with the content of this Privacy Policy, and within the limits of your and/or your parent’s consent, or as required by law.

Our data processing purposes are as specified below. We may not be able to provide our medical products and services if you refuse to provide the necessary data or do not allow us to process the data in accordance with the law and operational requirements.

We process personal data based on one or more legal grounds as follows:

  • Your and/or your parent’s consent, as required by law;
  • Protection of life, health, honor, dignity, and legitimate rights and interests of you or others, in urgent cases or when necessary to protect the safety, legitimate rights or interests of you, others or organizations or institutions from infringement of the above interests;
  • In response to emergencies; threats to national security; prevention of riots, terrorism, and other crimes and violations of law;
  • Performance of a contract, where you are a party to the transaction;
  • Compliance with legal obligations, where we are required to do the same in accordance with law or to support state management activities.

Personal data transfer may be carried out without consent but must be based on one of the following grounds:

  • Sharing of personal data between departments within the same organization to process personal data in line with the established processing purposes;
  • Division, separation, merger, consolidation, or termination of the organization’s operations;
  • Personal data transfer by data controllers to data processors or third parties;
  • Personal data transfer at the request of the competent government authorities.

The audio and video recording and processing of personal data from such activities may be conducted without consent based on one or more of the following grounds:

  • Performing national defense duties, protecting national security, ensuring social order and safety, and protecting the legitimate rights and interests of organizations;
  • Making audio or video recording of public activities that do not harm the honor, dignity, or reputation of the data subject.

4.2 Data collection and processing purposes

We process your personal data for the following purposes, depending on whether you are our customer or a representative or related party of a customer, to the extent permitted by law.

Note: Personal data processing means any activity that affects personal data, including one or more of the following activities: collection, analysis, compilation, encryption, decryption, editing, deletion, destruction, de-identification, provision, disclosure, transfer of personal data, and other activities that affect personal data.

We process your personal data for the following main purposes:

  • Evaluation and provision of products and services for our customers
    • Providing medical examination and treatment services, healthcare services, and professional consultation programs.
    • Performing functions of digital platform applications managed and operated by Hoan My, such as appointment booking, appointment notifications, queue tracking, provision of medical check-up results and related health information.
    • Granting access to and use of online and mobile platforms, verifying information, and processing transactions.
    • Assessing the suitability of products and services provided to our customers.
    • Obtaining quotations for customers from third-party service and product providers, such as third-party healthcare organizations that may provide services to our customers and insurance products from insurance providers with whom we partner and assist those providers in the management of healthcare and insurance services, and other products.
  • Management of customer relationship and user account
    • Establishing and maintaining relationships with customers, including profile management, information updates, request handling, and feedback.
    • Appointment reminders and scheduling.
    • Sending technical notifications, thank-you letters, maintenance information, security alerts, and changes to service terms.
    • Providing information about promotions, events, new services, or recruitment activities if you subscribe to updates, contests, or lucky draws.
    • Sending relevant marketing information with your consent.
    • Offline and online seminars.
    • Other events.
    • Recording and storing communications (via email, messages, telephone) for record-keeping and evidential purposes.
    • Establishing, continuing, and managing our member relationships and accounts with us or any member of the Hoan My Medical Corporation, if applicable.
    • Providing customers with appropriate access to our products and services, such as our online and mobile platforms.
    • Operating, providing, and evaluating products and services for customers.
    • Verifying and processing relevant payments between you and us.
    • Performing transactions and actions as instructed or requested, such as making payments to third-party service providers on behalf ofr customers.
    • Keeping updated records of authorized persons who may access your personal health and other information.
    • Maintaining communication.
    • Responding to inquiries or handling any complaints, including monitoring conversations and social media posts to identify discussions, sentiments, and complaints about Hoan My Medical Corporation.
    • Issuing notifications about changes to the terms and conditions of our products and services.
    • Recording our communications, including online messages, emails, and phone calls, for record-keeping and evidential purposes.
    • Contacting relevant customers regarding the products and services we provide.

To the extent permitted by applicable law, we may share limited information about you with social media and advertising companies that we partner with for online advertising purposes. For example, to check whether you have an account with social media companies so that we may, based on your and/or your parent’s consent, ask them to display more relevant marketing messages to you about our products and services, or exclude you from receiving advertisements for products and services that you have already used.

  • Business Operation
    • Carrying out administrative tasks, risk management, auditing, system development and testing, and strategic planning.
    • Managing user authentication and access control for customers, for example: to access to mobile and online healthcare products and services, and other information.
    • Conducting healthcare service-related activities, including maintaining customer health history.
    • Participating in business operations management, such as performing administrative tasks related to the products and services provided by us, risk management activities, auditing, ensuring the operation and security of our communication and processing systems, system development and testing, business planning, and decision-making.
  • Improving our products and services
    • Analyzing data, surveying customer satisfaction, and compiling information to improve service quality;
    • Conducting market research activities through third parties bound by data confidentiality obligations.
    • Developing, testing, and analyzing our systems, products, and services.
    • Monitoring and recording our communications with you, e.g. telephone calls, for training and quality purposes.
    • Conducting customer satisfaction surveys.
    • Collecting insights by compiling data from the use of our products, services, and applications to provide you with more suitable products and services.
  • Ensuring safety for you and our staff
    • Conducting security checks and identity verification for clinic access.
    • Using CCTV surveillance recordings at our hospitals, clinics, and pharmacies for the prevention and detection of fraud or other crimes, such as theft.
    • Handling and reporting security incidents, protect the safety of users and staff;
    • Investigating and reporting incidents or emergencies at our facilities.
    • Securing our systems and networks to keep your data safe and protected.
    • Other purposes in compliance with health and safety regulations.
    • Monitoring conversations and posts on social media to protect customers from publicly sharing data that could be used for fraudulent purposes.
  • Compliance with applicable laws, regulations, and other requirements
    • Complying with legal regulations and requirements from relevant agencies, courts, or authorities;
    • Verifying compliance with internal policies and obligations under domestic and international legal regulations;
    • Adhering to relevant laws, regulations, rules, directives, verdicts or court orders, requests, guidelines, reporting requirements from government, restrictions, demands, or agreements with any relevant authority (including domestic or foreign tax authorities), trials or courts, enforcement agencies, or exchange agencies in any relevant jurisdiction in which Hoan My Medical Corporation operates;
    • Complying with any voluntary guidelines or recommendations from agencies or industry associations.
  • Protection of legitimate rights and interests and dispute resolution
    • Protecting Hoan My’s legitimate rights and interests in legal proceedings, disputes, or claims;
    • Carrying out debt collection and insurance claims, and providing records for investigations;
    • Pursuing and enforcing our rights and protecting ourselves from harm to our rights and interests;
    • Retaining records as necessary for evidence in any potential litigation or investigation;
    • Recovering debts and outstanding amounts;
    • Obtaining professional advice;
    • Investigating or pursuing insurance claims;
    • Responding to any issues, actions, or legal proceedings related to insurance;
    • Protecting or responding to any current or future legal, regulatory, or industry authority, or issues, actions, or proceedings related to associations.
  • Business restructuring and transfer
    • Conducting assessments, transfers, or reorganizations (e.g., mergers, consolidations, acquisitions, or divestitures) with the aim of ensuring uninterrupted services;
    • Maintaining the ability to serve you throughout the restructuring process.
  • Management and disclosure of professional information
    • Collecting and recording positions, academic titles, and degrees to manage records of personnel, collaborators, reporters, speakers, lecturers, and relevant medical professionals;
    • Using this information for publication and introduction in training activities, conferences, scientific seminars, research, and professional collaboration programs;
    • Verifying qualifications and expertise when entering into contracts, cooperation agreements, or carrying out legal and administrative procedures at the request of the authorities;
    • Issuing certificates and confirmations of participation in relevant courses.
  • Other lawful purposes
    • In any other cases not listed above, we will process personal data only after providing specific notice and obtaining your and/or the consent of your parents in accordance with applicable laws.

5. USE OF PERSONAL DATA IN THE AUTOMATED ANALYSIS AND DECISION-MAKING PROCESSES

We may use personal data to perform data analysis, including profiling and behavioral analysis, for the following purposes:

  • Supporting faster automated decision-making in business and professional operations;
  • Assessing personal characteristics to predict health-related risks and outcomes;
  • Improving efficiency and accuracy in healthcare service processes.

In addition, data may be used to train automated decision-making models after all personallyidentifiable information has been removed. We require these systems to be designed in accordance with principles of fairness, transparency, and objectivity.

We may use artificial intelligence (AI) and machine learning to improve healthcare services, as well as communication and customer experience, making our business operations safer and more efficient, and enabling us to provide faster responses and improve processing times. We ensure that personal data in AI environments to be processed for the correct purposes and within the necessary scope, without causing harm to national defense, national security, public order and safety, or infringing on the legitimate interests of individuals.

Examples of specific applications:

  • Operational efficiency improvement: Using voicebots to verify identity in call centers.
  • Customer interaction:
  • Performing personalized marketing campaigns and recommending suitable services based on data analysis;
  • Integrating chatbots and robo-advisors to assist customers.
  • Diagnosis and treatment support: AI analyzes big medical datasets (including medical records and imaging) to detect patterns and trends that are difficult to recognize by humans, helping doctors to make more accurate diagnoses and develop personalized treatment plans.
  • Error mitigation: Automating tasks, such as record reproduction, ordering tests, and dispensing medication to minimize manual errors and enhance patient safety.
  • Administrative task optimization: Automating appointment scheduling, insurance claims processing, medical records management, helping healthcare professionals to spend more time with patients.

6. SHARE AND TRANSFER OF PERSONAL DATA

We may share your personal data internally within Hoan My Medical Corporation and with other relevant parties for the processing purposes stated in this Policy. This sharing may be conducted among internal service providers, business partners, third-party service providers, and agencies or authorities as required by law, both within and outside the territory of Vietnam.

Data recipients may include: individuals or organizations that are associated with you, your employer, or third parties that you represent or have a legal relationship with during your interaction with Hoan My as an individual customer, legal representative, or service beneficiary. All data sharing activities are conducted in compliance with the law and ensure your privacy.

We limit the scope and the subjects with whom your personal data is shared, and apply necessary measures to ensure confidentiality and security of the information throughout the sharing process. Personal data is shared only for lawful processing purposes, in accordance with this Privacy Policy and to the extent permitted by law. The data recipients will be carefully selected and granted access only when it is strictly necessary for the relevant processing purposes. Specifically, your personal data may be shared with the following parties:

  • Member entities within Hoan My Medical Corporation.
  • Duly authorized third parties: including individuals or organizations authorized by you, your legal representatives, or those related to the transaction, such as payment recipients or designated account managers.
  • Service partners: including entities that provide technical, operational, and administrative support, process data and technology, and improve services for Hoan My.
  • Third-party healthcare service providers: such as partner hospitals, clinics, laboratories, pharmacies, doctors, and contractual technicians with the consent of you/your parents.
  • Insurance companies: for managing, verifying, or paying insurance benefits related to healthcare services
  • Professional service providers: including market research companies, legal investigators, management consultants, or other specialized units.
  • Business and media partners: including strategic referral partners, media companies, and online advertising platforms.
  • Financial institutions and payment service providers: such as commercial banks, card issuers, and payment gateways (e.g., VISA, Mastercard).
  • Government authorities: at the request of regulatory agencies, tax authorities, courts, law enforcement agencies, or any other authority as required by law, both within and outside the territory of Vietnam.
  • Parties related to business transactions: such as in the case of mergers, acquisitions, consolidations, transfers, or divestment of part or all of the business. In such cases, your personal data may be transferred and continue to be processed in accordance with the applicable privacy policy, and you will be notified of any significant changes.
  • Other individuals or organizations: when necessary to protect your or our legitimate rights and interests, or for other lawful processing requirements.
  • All recipients of data will be required to comply with confidentiality commitments and will only be allowed to use the data for permitted purposes.

In certain cases, we may store or transfer your personal data abroad to carry out the processing purposes mentioned above. If we transfer your personal data to jurisdictions outside Vietnam, where local laws may not offer the same level of data protection as the jurisdiction where you reside or where we have a relationship, we will take all reasonable and necessary steps to ensure that your personal data is subject to appropriate protection levels and measures in compliance with the applicable laws of Vietnam.

By agreeing to this Policy, you acknowledge and consent to the sharing and transfer by Hoan My of your personal data as described above and within the scope set out in this Policy.

7. PERSONAL DATA PROTECTION

At Hoan My, we are committed to protecting your personal data by implementing comprehensive security measures, including technical, physical, and organizational measures from the outset and throughout the data processing procedures. We internally develop and apply specific information security regulations and procedures to ensure data safety in strict compliance with the provisions of the law.

Specifically, the protection measures applied include:

  • Internal management measures: Training and requiring all officers and employees to strictly adhere to information security procedures and privacy policy.
  • Technical measures: Applying encryption technology, access control, system monitoring, data backup and recovery, and network and device security to prevent unauthorized access, leakage, loss, or destruction of data.
  • Periodic safety check measures: Conducting cybersecurity checks on data processing systems and carrying out the deletion or destruction of equipment containing personal data that is no longer in use.
  • Impact assessment measures: When necessary, we will conduct impact assessments related to the processing or cross-border transfers of personal data and report to state authorities as required by law.
  • Designation of specialized departments and personnel: For sensitive personal data, we designate specialized departments and personnel responsible for data management and protection, and coordinate with the Authority specializing in personal data protection, if requested.

To ensure compliance with personal data protection laws, we will apply legally regulated protection measures for certain special types of personal data as follows:

  • Personal data processed in an artificial intelligence environment: classifying risk levels to implement appropriate protection measures and using suitable authentication and identification methods and controlling access to personal data.
  • Personal location data: not tracking location without user’s consent, implementing measures to prevent the collection of personal location data by unrelated organizations or individuals, and providing options for rejecting personal location data tracking.
  • Biometric data: implementing physical security measures for devices that store and transmit biometric data, restricting access to biometric data, putting in place a monitoring system to prevent and detect any infringement of biometric data, and notifying users if the processing of biometric data causes harm to them.

We also require our service providers, third-party partners, and related organizations with whom we share personal data to comply with equivalent standards of security and privacy when accessing or processing data on our behalf.
Before recording video or audio at events or locations managed by Hoan My, we will notify you in advance and, if necessary, obtain valid consent before recording any personal data.

Although we always strive to apply the best measures to protect personal data, we acknowledge that objective risks still exist, such as technical failures, unauthorized actions by third parties, or force majeure events, etc., which could lead to leakage, loss, or unauthorized access to data. Therefore, you also have a responsibility for protecting your personal information. Please use secure devices, networks, and access systems when using our services, keep your login information and accounts confidential, and notify us immediately if you detect any unauthorized access or misuse of your personal data.

8. PERSONAL DATA STORAGE

Your personal data will be stored and processed for the time necessary to fulfill the informed purposes, or for as long as required by law, whichever provision is currently applicable. The processing of personal data is carried out based on your and/or your parents’ valid consent and will cease when you and/or your parents withdraw consent or request data deletion, unless otherwise provided by law.

We will retain your personal data throughout the time you use our services or maintain a relationship with Hoan My, and for a certain period thereafter to serve legitimate purposes such as retaining medical records according to the Ministry of Health’s guidelines, handling complaints, protecting legal interests, or as requested by state regulatory agencies. The specific retention period will depend on the type of information and the purpose of processing, while adhering to applicable laws and regulations.

By agreeing to this Policy of Hoan My, you consent to allow us to store your data until the expiration of the lawful retention period or according to internal regulations that comply with the law.

9. YOUR PERSONAL DATA PROTECTION RIGHTS

9.1 Your rights as a data subject

Hoan My is committed to honoring and protecting your personal data rights. In accordance with applicable laws and regulations, you—as the data subject—have the following rights:

  • Right to be informed:
    You have the right to be fully and clearly informed about the collection, processing, storage and use of your personal data, unless otherwise provided by law.
  • Right to give consent or not to give consent:
    You have the right to decide whether to allow or refuse the processing of your personal data, except in cases where the law stipulates that consent is not required.
  • Right to access and receive personal data:
    You may request access to and receive a copy of the personal data collected, stored, and processed by us. Furthermore, you may access to view, edit, or have your personal data edited, unless otherwise provided by law.
  • Right to delete personal data:
    You may request us to delete your personal data, except in cases where deletion is restricted or prohibited by law.
  • Right to restrict of data processing:
    You may request us to temporarily suspend or restrict the processing of personal data in certain cases as required by law.
  • Right to object to processing:
    You may object to the processing of your personal data to prevent or limit the disclosure of personal data, or its use for direct advertising or marketing purposes.
  • Right to withdraw consent:
    You may withdraw the consent given for data processing at any time. However, the withdrawal does not affect the legality of the processing activities already performed. The withdrawal may affect our ability to provide products or services.
  • Right to file complaints, denunciations and lawsuits:
    You have the right to lodge a complaint, denounce violations, or initiate a lawsuit if you believe your personal data rights have been infringed.
  • Right to claim damage:
    You have the right to claim compensation for damages if the processing of your personal data violates the law and causes damage to you.
  • Right to self-defense:
    You may take measures by yourself to protect your legitimate rights and interests in accordance with the Civil Code and relevant regulations.
  • Other rights under Vietnamese laws

Please note that, if you are a child under 16 years old, your parents may exercise the above data subject rights on your behalf. If you are a child aged 7 years or older, the processing of your personal data for the purpose of publishing or disclosing information about your private life or personal secrets will require the consent of both you and your parents.

9.2 Exercising your rights – the data subject

During your use of Hoan My’s services, you have the right to:

  • Partially consent, conditionally consent, or only consent to certain purposes of personal data processing;
  • Withdraw consent previously given;
  • Restrict or object to data processing;
  • Request the deletion of personal data.

Please note that, if you are a child under 16 years old, your parents may exercise the above data subject rights on your behalf. If you are a child aged 7 years or older, the processing of your personal data for the purpose of publishing or disclosing information about your private life or personal secrets will require the consent of both you and your parents.

However, in the aforementioned cases, we may be unable or not permitted to provide part or all of the services, utilities, or features, or may have to cease providing services to you, as stipulated by this Policy or the law. If you wish to exercise the rights above (partial consent, conditional consent, or withdrawal of consent), please contact us using the information below for assistance. Upon receiving a valid request, we will stop, restrict, or terminate the processing of your personal data and request related parties to do the same. Note: The withdrawal of consent or request for processing restriction will not affect the legality of the data processing performed before the time of your withdrawal of consent.

We will respond to your personal data rights requests in accordance with applicable law. If you have any questions about your rights, please contact us via the ‘Contact Information’ section of this Policy. Within the scope of the law and this Policy, we will process your requests below (including but not limited to: fully or partially satisfying your request, proposing an extension of the processing time, denying your request, etc.) upon receiving your valid, complete, and clear request:

  • Providing your personal data that we have collected and stored; or
  • Editing your personal data that we have collected and stored; or
  • Deleting your personal data that we have collected and stored; or
  • Restricting the processing of your personal data that we have collected and stored; or
  • Objecting to the processing of your personal data that we have collected and stored to prevent or restrict the disclosure of personal data or the use of personal data for advertising and marketing purposes (unless otherwise provided by law).
  • We reserve the right to charge a reasonable fee for handling your aforementioned requests in accordance with the law.

For a request to provide personal data, please fill out and submit to us the personal data provision request form according to Form No. 01 attached to Decree No. 13/2023/ND-CP dated 17 April 2023 on personal data protection (“PDPD”), or another form of documentation as amended by law from time to time. Please note that a personal data provision request form fully completed according to Form No. 01 attached to the PDPD, or another form of documentation as prescribed by law from time to time, is a legal requirement for your personal data provision request to be considered formally valid. If you require any assistance in filling out and submitting that request form, please contact us via the ‘Contact Information’ section of this Policy.

Please note that we will not provide personal data in the following cases:

  • The provision of personal data harms national defense, national security, social order and safety;
  • The provision of personal data may affect the safety, physical, or mental health of others;
  • The provision of personal data is outside our authority;
  • Other cases as stipulated by law.

Regarding the deletion of personal data, personal data will not be deleted per your request in the following cases:

  • Protecting life and health, honor, dignity, and legitimate rights and interests of you or others in emergency cases;
  • Protecting the legitimate rights or interests of you, others, or the interests of the State, agencies, or organizations when necessary, against acts infringing upon the aforementioned interests;
  • Handling emergency situations; threats to national security; preventing and combating riots, terrorism, preventing and combating crimes and violations of law;
  • Personal data processing is for the purpose of implementing your agreement with relevant agencies, organizations, or individuals as required by law;
  • Personal data processing is for the purpose of complying with a legal obligation, when we must comply with laws and regulations or to serve the operations of state agencies, or state management activities.
  • The implementation of your request for deletion of personal data will violate the following principles: (i) Compliance with laws and regulations; fulfilling the personal data subject’s obligations under a contract. The exercise of the data subject’s rights and obligations must be aimed at protecting the legitimate rights and interests of the data subjects themselves; (ii) Refrain from causing difficulty or hindrance to the exercise of legal rights and obligations of the data controller, data controller and processor, or data processor; (iii) Refrain from infringing upon the legitimate rights and interests of the State, other agencies, organizations, or individuals.
9.3 Your responsibilities in personal data protection

You can also contribute to the protection of your personal data by:

  • Ensuring that personal data provided is complete and accurate;
  • Respecting and protecting the personal data of others;
  • Securing account access information and personal devices;
  • Not sharing others’ information without authorization;
  • Cooperating with us in data protection and processing;
  • Participating in the dissemination of personal data protection practices;
  • Complying with legal regulations related to personal data protection.

10. EFFECTIVENESS, NOTIFICATION, AMENDMENT, AND INTEGRITY OF THE POLICY

When you use our products and services and/or when you establish a transaction or other relationship with us, this Policy will form part of the general conditions of transaction for using our products and services, the respective terms and conditions of the products and services you enter into with us, and/or the service contracts, agreements, and other documents governing the relationship between you and us.

We reserve the right to update, amend, and supplement this Policy and will notify you of such amendments and updates through the communication channels between you and us, such as via public announcement, on our website, email, mobile application, mobile text message, or other methods. We will obtain the necessary consent from you and/or your parents in cases where the law requires the data subject’s consent for amendments and/or updates to this Policy. The date stated at the end of the ‘Contact Information’ section of this Policy is the most recent date on which the Policy was updated. We recommend that you regularly check the communication channels between you and us for information on the latest updates to this Policy.

Note: Some services or products may be accompanied by separate terms regarding the collection, use, and disclosure of personal data. These terms must be construed and applied in conjunction with this Policy.

11. MECHANISM FOR RECEIVING AND RESOLVING CONSUMER COMPLAINTS RELATED TO THE MISUSE OR USE OF PERSONAL INFORMATION OUTSIDE THE INFORMED PURPOSES

If you wish to exercise your rights as a data subject, or have any questions, requests, feedback, or suggestions related to personal data protection or the content of this Privacy Policy, or if you suspect user account or password has been disclosed, you can contact us through the website www.hoanmy.com or via email at [email protected] for assistance.

Any complaints or disputes regarding the Privacy Policy, the decision of Hoan My Medical Corporation will be final. We regret that we will be unable to provide our services to you if you and/or your parents do not agree to this Policy.