Dulce de Saigon

Data Storage Policy

Last updated: 15/06/2026

1. Introduction

This Data Storage Policy explains how Dulce de Saigon (“we”, “us”, or “our”) collects, stores, protects, and manages customers’ personal data when they visit https://dulcedesaigon.com, place an order, contact us, or use related services.

This policy is prepared with reference to Vietnamese personal data protection regulations, including Decree No. 13/2023/ND-CP on Personal Data Protection and other applicable laws and regulations.

We are committed to collecting and storing only the data necessary for reasonable, transparent, and legitimate business purposes related to Dulce de Saigon’s operations.

2. Data we may store

Depending on how you interact with our website or services, we may store the following categories of data:

2.1 Customer information

  • Full name;
  • Phone number;
  • Email address;
  • Delivery address or pickup/delivery area;
  • Requests or messages you send to us;
  • Order history, where applicable;
  • Information related to customer support.

2.2 Order and payment information

  • Products ordered;
  • Order value;
  • Order date and time;
  • Order status;
  • Payment method;
  • Delivery information.

We do not intentionally store full payment card details on the website. Payment transactions, where applicable, are processed through POS systems, banks, e-wallets, or relevant payment service providers.

2.3 Website and cookie data

When you visit our website, certain technical data may be collected through cookies or similar technologies, such as:

  • IP address;
  • Browser and device type;
  • Display language;
  • Pages visited;
  • Traffic source;
  • Basic website interaction data.

The use of cookies is described in more detail in our Cookie Policy.

2.4 Business operation data

We may also store certain data for internal business operations, including:

  • Sales records;
  • Inventory data;
  • Supplier information;
  • Accounting data;
  • Business and marketing performance analysis data.

3. Purposes of data storage

We store data for the following purposes:

  • Processing customer orders and requests;
  • Delivering orders or supporting delivery through partners;
  • Contacting and supporting customers;
  • Managing payments, invoices, and accounting records;
  • Improving our website, products, and services;
  • Analyzing business and marketing performance;
  • Protecting system security and preventing fraud;
  • Complying with legal, accounting, tax, and regulatory requirements.

We do not sell customers’ personal data.

4. Systems and storage locations

Data may be stored on the following systems:

4.1 Website system

Some data may be stored on the website or website administration system, such as contact data, technical data, cookies, or data related to user interactions with the website.

4.2 Google Workspace and cloud storage tools

We may use Google Drive, Google Sheets, Gmail, or other Google Workspace tools to manage operational data, orders, reports, or contact information.

4.3 POS / ordering systems

We may use POS systems or ordering systems to process orders, payments, sales reports, and business operations.

4.4 Delivery, ordering, and payment partners

When you place an order or make a payment through a third party, certain data may be processed by partners such as delivery platforms, ordering platforms, e-wallets, banks, or payment service providers.

These third parties have their own privacy and data storage policies.

5. Data retention period

We store data only for as long as necessary for the relevant processing purposes, unless a longer retention period is required or permitted by law.

Indicative retention periods are as follows:

Type of dataExpected retention periodPurpose
Customer contact informationUntil the request is completed or for as long as necessary for customer supportContact and customer support
Order dataUp to 5 years or as required by lawOrder management, reconciliation, tax, and accounting
Accounting records, invoices, and supporting documentsAccording to accounting and tax law requirementsLegal compliance
Payment dataAccording to the rules of banks, e-wallets, or payment providersTransaction processing and reconciliation
Marketing consentUntil you withdraw your consent or unsubscribeManaging marketing preferences
Cookie and website analytics dataAccording to our Cookie Policy and each tool’s settingsWebsite analytics and performance measurement
Backup dataAccording to internal backup cyclesSystem recovery when needed

When data is no longer necessary, or when we receive a valid request from you, we will delete, anonymize, or restrict the processing of data in accordance with applicable law and technical feasibility.

6. Third-party services

We may use third-party services to operate our website and business activities, including but not limited to:

  • Google Workspace;
  • Google Analytics;
  • Google Tag Manager;
  • Google Ads or Google conversion tracking tools;
  • Google Maps;
  • Google Fonts;
  • Facebook / Meta;
  • Instagram;
  • TikTok;
  • POS systems or ordering platforms;
  • GrabFood, ShopeeFood, or other delivery platforms where used;
  • Banks, e-wallets, or payment service providers;
  • Hosting, security, backup, and website optimization providers.

These third parties should only process data for purposes related to the services they provide. We aim to select service providers that apply appropriate security measures and maintain clear data processing policies.

7. Cross-border data transfer

Some third-party services, especially cloud, analytics, marketing, or international platform services, may process or store data outside Vietnam.

Where such transfer or processing outside Vietnam occurs, we aim to apply appropriate safeguards in accordance with applicable Vietnamese personal data protection requirements.

8. Data protection measures

We apply reasonable measures to protect personal data, including:

  • Using strong passwords for administrative accounts;
  • Limiting data access to authorized personnel;
  • Using two-factor authentication where possible;
  • Keeping website software, plugins, and related systems up to date;
  • Performing regular data backups;
  • Using secure HTTPS connections;
  • Monitoring and addressing security risks when detected;
  • Providing guidance or training to staff on the protection of customer data.

9. Data backups

To ensure business continuity and recovery in case of incidents, we may perform data backups through:

  • Website or hosting backup systems;
  • Google Drive or cloud storage tools;
  • POS systems or sales software;
  • Password-protected internal copies where necessary.

Backup data is mainly used for system recovery, reconciliation, or ensuring business continuity.

10. Your rights

Under personal data protection regulations, you may have rights relating to your personal data, including:

  • The right to be informed about personal data processing activities;
  • The right to request access to your personal data;
  • The right to request correction or updating of inaccurate data;
  • The right to withdraw consent for processing activities based on consent;
  • The right to request deletion, restriction of processing, or objection to processing within the limits permitted by law;
  • The right to stop receiving marketing communications;
  • The right to complain or contact a competent authority if you believe your data is processed improperly.

To exercise these rights, please contact us using the contact details provided in the “Contact” section below.

11. Data incident response

If we detect an incident that may affect personal data, we will take appropriate steps, including:

  1. Identifying and isolating the incident;
  2. Securing the system and limiting further damage;
  3. Assessing the type of data and number of users that may be affected;
  4. Notifying the competent authority within the legally required timeframe if the incident is subject to notification;
  5. Notifying affected customers where necessary;
  6. Recording, reviewing, and improving protection measures to reduce the risk of similar incidents.

12. Updates to this policy

We may update this Data Storage Policy when:

  • There are changes to the website, storage systems, or service providers;
  • There are changes in how we collect, store, or process data;
  • There are changes in applicable legal requirements;
  • We improve our security and data management processes.

The latest version of this policy will always be published on this page.

13. Contact

If you have any questions about this Data Storage Policy or wish to exercise your rights relating to your personal data, please contact us:

  • Dulce de Saigon
  • Contact person: Jamie, Owner
  • Current address: 382/15 Nguyen Thi Minh Khai Street, Ban Co Ward, Ho Chi Minh City, Vietnam
  • Previous reference address: 382/15 Nguyen Thi Minh Khai Street, Ward 5, District 3, Ho Chi Minh City, Vietnam
  • Website: https://dulcedesaigon.com
  • Email: hello@dulcedesaigon.com
  • Phone: +84 903 305 993

We will make reasonable efforts to respond to valid requests within an appropriate timeframe and in accordance with applicable law.

14. Legal compliance

This policy is prepared with reference to relevant Vietnamese laws and regulations, including:

  • Decree No. 13/2023/ND-CP on Personal Data Protection;
  • Personal Data Protection Law No. 91/2025/QH15, when effective;
  • Law on Cybersecurity No. 24/2018/QH14;
  • Law on Electronic Transactions No. 20/2023/QH15;
  • Relevant accounting, tax, e-commerce, payment, and anti-spam regulations where applicable.

15. Language

This policy may be provided in both Vietnamese and English. In case of any discrepancy between the two versions, the Vietnamese version shall prevail.