Privacy Policy

1. Introduction

Dulce de Saigon (“we,” “us,” “our,” or the “Company”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website, use our services, or interact with our business.

This policy complies with Vietnamese data protection laws including:

• Decree No. 13/2023/ND-CP on Personal Data Protection (PDPD)
• Law on Consumer Rights Protection No. 19/2023/QH15
• Law on Electronic Transactions No. 20/2023/QH15
• Law on Cybersecurity No. 24/2018/QH14

2. Data Controller Information

Company Name: Dulce de Saigon
Business Registration: [Your Business Registration Number]
Address: [Your Address], District 3, Ho Chi Minh City, Vietnam
Contact: Jamie (Owner)
Email: [Your email]
Phone: [Your phone]

3. Information We Collect

3.1 Personal Data

Information that identifies you directly:

• Identity Data: Full name, date of birth, gender
• Contact Data: Email address, phone number, delivery address
• Account Data: Username, password, customer ID
• Financial Data: Payment card details, billing address
• Transaction Data: Order history, payment records, delivery information

3.2 Technical Data

Information collected automatically:

• Device Data: IP address, browser type, operating system
• Usage Data: Pages visited, click patterns, time spent on site
• Location Data: General location (District 3, HCMC) for delivery purposes
• Cookie Data: See our Cookie Policy for details

3.3 Sensitive Personal Data

We may collect with explicit consent:

• Dietary Information: Allergies, dietary restrictions
• Health Data: Only when relevant for special dietary requirements

4. How We Collect Information

4.1 Direct Interactions

When you:

• Place orders (in-store, online, or via delivery platforms)
• Create an account on our website
• Subscribe to our newsletter
• Contact us with inquiries
• Participate in promotions or surveys

4.2 Automated Technologies

• Website cookies and tracking technologies
• POS system (Fabi) transactions
• Security cameras in our physical location

4.3 Third Parties

• Delivery platforms (GrabFood, ShopeeFood)
• Payment processors
• Social media platforms
• Business partners and wholesale clients

5. Purpose and Legal Basis for Processing

We process your personal data for the following purposes:

6. Data Sharing and Disclosure

6.1 We Share Data With:

• Service Providers: Delivery partners, payment processors, cloud storage
• Professional Advisers: Lawyers, accountants, auditors
• Government Authorities: When required by law
• Business Partners: With your consent for joint promotions

6.2 We Do NOT:

• Sell your personal data to third parties
• Share data for third-party marketing without consent
• Transfer sensitive data without explicit permission

7. International Data Transfers

Your data is primarily stored in Vietnam. If international transfer is necessary:

• We obtain your explicit consent
• We conduct Transfer Impact Assessments
• We ensure adequate protection measures
• We comply with PDPD cross-border requirements

8. Data Retention

We retain your data according to legal requirements:

• Customer Data: 5 years from last interaction
• Transaction Records: 10 years (accounting law)
• Marketing Consent: Until withdrawn or 2 years inactive
• CCTV Footage: 30 days
• Website Analytics: 26 months

9. Your Rights

Under Vietnamese data protection law, you have the right to:

9.1 Access Rights

• Request copies of your personal data
• Know how your data is processed
• Understand with whom your data is shared

9.2 Correction Rights

• Update inaccurate information
• Complete incomplete data
• Request verification of corrections

9.3 Deletion Rights

• Request deletion when no longer necessary
• Withdraw consent for processing
• Object to direct marketing

9.4 Other Rights

• Data Portability: Receive your data in structured format
• Restriction: Limit how we use your data
• Objection: Object to certain types of processing
• Automated Decisions: Not be subject to purely automated decisions
• Complaint: Lodge complaints with authorities

10. Exercising Your Rights

To exercise any of your rights:

1. Email: [Your email]
2. Phone: [Your phone]
3. In Person: Visit our store in District 3

We will respond within 72 hours and work to fulfill your request as quickly as possible.

11. Data Security

We implement appropriate security measures:

11.1 Technical Measures

• Encryption of personal data
• Secure SSL connections
• Regular security updates
• Access controls and authentication

11.2 Organizational Measures

• Staff training on data protection
• Confidentiality agreements
• Limited access based on roles
• Regular security audits

11.3 Incident Response

• Breach notification to authorities within 72 hours
• Customer notification for high-risk breaches
• Documented incident procedures

12. Children’s Privacy

Our services are not directed to children under 16. We do not knowingly collect data from children without parental consent. If you believe we have collected data from a child, please contact us immediately.

13. Marketing Communications

13.1 Consent

We only send marketing with your explicit consent:

• Email newsletters
• SMS promotions
• Social media advertising

13.2 Opt-Out

You can unsubscribe at any time:

• Click “unsubscribe” in emails
• Reply “STOP” to SMS
• Contact us directly

13.3 Anti-Spam Compliance

All marketing includes:

• Clear sender identification
• Accurate subject lines
• Unsubscribe options
• “QC” prefix as required by law

14. Cookies and Tracking

We use cookies to improve your experience. See our [Cookie Policy] for details on:

• Types of cookies used
• Managing cookie preferences
• Third-party cookies

15. Third-Party Links

Our website may contain links to third-party sites. We are not responsible for their privacy practices. Please review their policies before providing personal data.

16. Updates to This Policy

We may update this policy periodically. Changes will be posted on this page with an updated “Last Updated” date. Significant changes will be notified via:

• Website announcement
• Email notification (for registered users)
• In-store notices

17. Language

This Privacy Policy is available in:

• Vietnamese (primary)
• English (translation)

In case of discrepancy, the Vietnamese version prevails.

18. Contact Us

For privacy questions, concerns, or requests:

Dulce de Saigon
Contact: Jamie (Owner)
Email: [Your email]
Phone: [Your phone]
Address: [Your address], District 3, Ho Chi Minh City, Vietnam

Response Times:

• Initial acknowledgment: Within 72 hours
• Full response: Within reasonable timeframe based on request complexity

19. Supervisory Authority

You have the right to lodge complaints with:

Authority of Information Security
Ministry of Information and Communications
18 Nguyen Du, Hanoi, Vietnam
Website: https://ais.gov.vn

20. Specific Provisions for Business Clients

For wholesale and B2B customers:

• Additional data collected: Company information, tax ID, authorized representatives
• Purpose: Business relationship management, invoicing, delivery
• Retention: 10 years per commercial law requirements

Appendix A: Definitions

Personal Data: Information relating to an identified or identifiable individual
Processing: Any operation performed on personal data
Consent: Freely given, specific, informed agreement
Data Controller: Entity determining purposes and means of processing
Data Processor: Entity processing data on behalf of controller
Sensitive Personal Data: Data requiring special protection under PDPD

Appendix B: Quick Reference – Your Rights