Data Protection Policy
Last updated: January 2025
This policy outlines our commitment to protecting your personal data in compliance with Vietnam's Personal Data Protection Decree No. 13/2023/ND-CP and international best practices.
1. Data We Protect
We protect all personal and financial data you share with us, including:
Personal Information
Name, nationality, passport/ID, contact details
Financial Data
Income, tax withholdings, deductions, bank details
Employment Data
Employer information, contracts, work history
Tax Records
Filings, calculations, correspondence with authorities
2. Security Measures
Encryption in Transit
All data transmitted between your browser and our servers is encrypted using TLS 1.3 with 256-bit encryption.
Encryption at Rest
Stored data is encrypted using AES-256 encryption standard, with keys managed through secure key management systems.
Access Controls
Strict role-based access controls ensure only authorized personnel can access client data, with all access logged and auditable.
Secure Backups
Regular encrypted backups with geographic redundancy ensure data recovery capabilities.
3. Data Storage & Location
Your data is stored on secure servers with the following characteristics:
- •Primary servers located in secure data centers with 24/7 physical security
- •Geographic redundancy ensures data availability and disaster recovery
- •Data remains within jurisdictions compliant with Vietnamese data protection requirements
- •Regular penetration testing and vulnerability assessments conducted
4. Your Data Rights
Under Vietnam's Personal Data Protection Decree, you have the following rights:
Right to Access
Request a complete copy of your personal data held by VietPIT.
Right to Correction
Request correction of any inaccurate or incomplete personal data.
Right to Deletion
Request deletion of your data (subject to legal retention requirements).
Right to Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing of your data for direct marketing purposes.
Right to Restriction
Request restriction of processing in certain circumstances.
5. Data Breach Response
In the unlikely event of a data breach, we commit to:
- •Notify affected individuals within 72 hours of breach confirmation
- •Report to relevant Vietnamese authorities as required by law
- •Take immediate steps to contain and remediate the breach
- •Provide clear information about the nature and scope of the breach
6. Data Retention & Deletion
Active Period: Your data is retained throughout our service engagement.
Legal Requirement: Tax records are retained for minimum 5 years after filing as required by Vietnamese tax law.
Deletion: After the retention period, data is securely deleted using industry-standard methods that prevent recovery.
Anonymization: Some data may be anonymized for statistical analysis without identifying individuals.
7. Legal Basis for Processing
We process your data based on the following legal grounds:
Contract Performance
Processing necessary to deliver tax services you've requested
Legal Obligation
Compliance with Vietnamese tax laws and regulations
Legitimate Interest
Improving services and preventing fraud
Consent
Marketing communications (where explicitly consented)
8. Data Protection Contact
For data protection inquiries or to exercise your rights, contact our Data Protection Officer:
Email: dpo@vietpit.vn
Phone: ZALO: +84703027485
Response Time: Within 30 days of request
This policy is issued in compliance with Vietnam's Personal Data Protection Decree.
View Decree 13/2023/ND-CP on vbpl.vn