Order Now

Dulce de Saigon

Data Storage Policy

1. Introduction

This Data Storage Policy explains how Dulce de Saigon stores and protects customer data. As a small business, we use standard industry tools and follow Vietnamese data protection laws, including Decree No. 13/2023/ND-CP (PDPD).

2. How We Store Your Data

2.1 Our Storage Systems

We use a combination of:

  • Local Servers: Password-protected servers at our business location
  • Google Cloud Services: Google Drive, Google Sheets, and other Google Workspace tools
  • Fabi POS System: Our point-of-sale system that complies with local regulations

2.2 Data Security

We protect your data through:

  • Strong, unique passwords on all systems
  • Google’s built-in security features (two-factor authentication enabled)
  • Regular password updates
  • Limited access (only business owner and authorized staff)
  • Secure internet connections

3. What Data We Store

3.1 Customer Information

  • Names and contact details
  • Order history
  • Delivery addresses
  • Payment records (processed securely through POS)

3.2 Business Operations

  • Sales records
  • Inventory data
  • Supplier information
  • Marketing analytics

4. Data Retention Periods

We keep data according to Vietnamese law:

Data TypeHow Long We Keep ItWhy
Customer orders5 yearsBusiness records and tax requirements
Accounting records10 yearsVietnamese accounting law
Payment records5 yearsBanking regulations
Marketing consentUntil you unsubscribePDPD requirements
Website cookiesUp to 25 monthsStandard analytics

5. Where Your Data is Located

  • Primary Storage: Vietnam (local servers and Google’s systems)
  • Google Services: May process data internationally but we maintain control
  • Payment Processing: Through Vietnamese-registered payment providers

We ensure Vietnamese citizen data protection requirements are met through our service providers’ compliance programs.

6. Third-Party Services We Use

6.1 Business Partners

  • Fabi POS: Order and payment processing
  • GrabFood/ShopeeFood: Delivery orders
  • Google Workspace: Business operations and data storage
  • Local Banks: Payment processing

6.2 Their Responsibilities

All our partners:

  • Follow Vietnamese data protection laws
  • Have their own security measures
  • Process data only for specified purposes

7. Data Backup

  • Automatic Backups: Google Drive automatically backs up our data
  • POS Backups: Daily through Fabi system
  • Local Copies: Important records kept on password-protected local drives

8. Your Rights

You can request to:

  • See what data we have about you
  • Correct any mistakes
  • Delete your data (where legally allowed)
  • Stop receiving marketing messages

To exercise these rights, contact us directly.

9. Data Protection Measures

9.1 What We Do

  • Use strong passwords (minimum 12 characters, mixed characters)
  • Enable two-factor authentication on Google accounts
  • Limit access to customer data
  • Train staff on data protection
  • Keep software updated

9.2 Google’s Security

We rely on Google’s enterprise-level security:

  • Encryption in transit and at rest
  • Regular security audits
  • Compliance with international standards
  • 24/7 monitoring

10. If Something Goes Wrong

10.1 Data Breach Response

If a data breach occurs:

  1. We secure our systems immediately
  2. Notify authorities within 72 hours (as required by law)
  3. Contact affected customers if there’s high risk
  4. Document and learn from the incident

10.2 Your Protection

  • We don’t store unnecessary sensitive data
  • Payment card details are processed through secure POS, not stored
  • Personal data is kept separate from public information

11. International Data Transfers

When using Google services:

  • Data may be processed internationally
  • Google provides appropriate safeguards
  • We maintain control over your data
  • You can request information about transfers

12. Updates to This Policy

We review this policy annually and update it when:

  • Laws change
  • We add new services
  • We improve our security

Updates will be posted on our website.

13. Contact Us

For questions about how we store your data:

Dulce de Saigon
Contact: Jamie (Owner)
Email: [Your email]
Phone: [Your phone]
Address: [Your address], District 3, Ho Chi Minh City

We’ll respond within 72 hours to any data protection inquiries.

14. Legal Compliance

This policy complies with:

  • Decree No. 13/2023/ND-CP on Personal Data Protection
  • Vietnamese Cybersecurity Law
  • Relevant banking and commerce regulations

We work with our service providers to ensure ongoing compliance.

Note: This policy reflects our actual data storage practices as a small business using standard commercial tools. We are committed to protecting your data while operating efficiently.