Last updated: 15/06/2026
1. Introduction
Dulce de Saigon (“we”, “us”, or “our”) respects customers’ privacy and is committed to protecting personal data when customers visit https://dulcedesaigon.com, place orders, contact us, subscribe to updates, or use our related services.
This Privacy Policy explains how we collect, use, store, share, and protect your personal data. It also explains your rights in relation to your personal data under applicable Vietnamese laws.
This policy is prepared with reference to relevant Vietnamese laws and regulations, including Decree No. 13/2023/ND-CP on Personal Data Protection, Personal Data Protection Law No. 91/2025/QH15 when effective, the Law on Electronic Transactions, the Law on Cybersecurity, the Law on Protection of Consumers’ Rights, and other relevant regulations.
2. Information about Dulce de Saigon
- Brand / Business name: Dulce de Saigon
- Website display name: Dulce de Saigon Bakery District 3
- Contact person: Jamie, Owner
- Current address: 382/15 Nguyen Thi Minh Khai Street, Ban Co Ward, Ho Chi Minh City, Vietnam
- Previous reference address: 382/15 Nguyen Thi Minh Khai Street, Ward 5, District 3, Ho Chi Minh City, Vietnam
- Website: https://dulcedesaigon.com
- Email: hello@dulcedesaigon.com
- Phone: +84 903 305 993
3. Personal data we may collect
Depending on how you interact with our website or services, we may collect and process the following categories of data:
3.1 Identification and contact information
- Full name;
- Phone number;
- Email address;
- Delivery address or pickup/delivery area;
- Messages, requests, or feedback you send to us.
3.2 Order and transaction information
- Products ordered;
- Order value;
- Order date and time;
- Order status;
- Payment method;
- Delivery information;
- Purchase history or customer support information, where applicable.
We do not intentionally store full payment card details on the website. Payment transactions, where applicable, are processed through banks, e-wallets, POS systems, or relevant payment service providers.
3.3 Technical and website usage data
When you visit our website, certain technical data may be collected automatically, including:
- IP address;
- Browser type;
- Device and operating system;
- Display language;
- Pages visited;
- Access time;
- Traffic source;
- Cookie and similar technology data.
The use of cookies is explained in more detail in our Cookie Policy.
3.4 Preference and marketing data
If you subscribe to updates, participate in promotions, or interact with marketing content, we may process:
- Email, SMS, or promotional communication preferences;
- Interaction history with marketing content;
- Your consent or withdrawal of consent for receiving marketing communications.
3.5 Sensitive personal data, where applicable
In some cases, you may voluntarily provide information related to allergies, dietary restrictions, or special product requests.
We only process this information when necessary to fulfill your request and with appropriate consent. We do not require you to provide sensitive personal data unless it is necessary for order fulfillment or customer support.
3.6 Security camera data at the store
If security cameras are used at our store, images may be recorded for the purpose of protecting customers, staff, property, and supporting incident handling where necessary.
4. How we collect data
We may collect data from the following sources:
4.1 From your direct interactions
- When you place an order in-store, on the website, or through an ordering platform;
- When you contact us via form, email, phone, social media, or chat channel;
- When you subscribe to newsletters or promotional updates;
- When you participate in surveys, offers, or customer programs;
- When you send support requests or feedback.
4.2 Through automated technologies
- Cookies and tracking technologies on the website;
- Website analytics tools such as Google Analytics or Google Tag Manager;
- POS systems or ordering systems;
- Marketing performance measurement tools where used.
4.3 From third parties
We may receive or process data through relevant third parties, including:
- Ordering or delivery platforms such as GrabFood, ShopeeFood, or similar platforms;
- Payment gateways, e-wallets, banks, or payment partners;
- POS systems or sales software;
- Social media platforms;
- Wholesale customers, business partners, or relevant service providers.
5. Purposes of personal data processing
We process personal data for the following purposes:
| Processing purpose | Related data categories | Processing basis |
|---|---|---|
| Processing orders and delivering products | Contact information, address, order information | Fulfilling customer requests or transactions |
| Processing payments and reconciliation | Transaction information, payment method | Completing transactions and accounting obligations |
| Customer support | Contact information, request content, support history | Supporting customers and handling requests |
| Sending promotions or newsletters | Email, phone number, marketing preferences | Customer consent |
| Improving the website, products, and services | Website usage data, feedback, analytics data | Improving customer experience and business operations |
| Security, fraud prevention, and incident handling | Technical data, system logs, security camera data where applicable | Protecting systems, customers, staff, and property |
| Legal compliance | Transaction data, invoices, documents, related data | Compliance with legal requirements |
We only process data within the scope of the purposes notified to you, unless otherwise permitted or required by law.
6. Your consent
For processing activities that require consent, we aim to provide clear information about:
- The type of data being processed;
- The purpose of processing;
- The processor or relevant third parties, where applicable;
- Your rights in relation to personal data;
- How you can withdraw your consent.
You have the right to give consent, refuse consent, or withdraw consent for processing activities based on consent. Withdrawal of consent may affect certain services or features if the relevant data is necessary to provide those services.
7. Data sharing and disclosure
We may share personal data with the following parties where necessary and appropriate for the processing purposes:
- Authorized personnel of Dulce de Saigon;
- Delivery partners or ordering platforms;
- Payment providers, banks, or e-wallets;
- POS systems, sales software, or technology providers;
- Hosting, security, backup, analytics, or website optimization providers;
- Email service, cloud storage, or business operation tool providers;
- Professional advisers such as accountants, auditors, or lawyers where necessary;
- Competent state authorities where required by law.
We do not sell customers’ personal data. We do not share personal data for third-party marketing purposes without your appropriate consent.
8. Third-party services
Our website and business operations may use certain third-party services, including but not limited to:
- Google Analytics;
- Google Tag Manager;
- Google Ads or Google conversion tracking tools;
- Google Fonts;
- Google Maps;
- Facebook / Meta;
- Instagram;
- TikTok;
- Review widgets or social media tools;
- POS systems or ordering platforms;
- GrabFood, ShopeeFood, or delivery platforms where used;
- Banks, e-wallets, or payment service providers;
- Hosting, security, backup, and website optimization providers.
These third parties may process data according to their own policies. When you interact with an external platform or link, your data may be processed by the relevant third-party platform.
9. Cross-border data transfer
Some third-party services, especially cloud, analytics, marketing, social media, or international platform services, may process or store data outside Vietnam.
Where such transfer or processing outside Vietnam occurs, we aim to apply appropriate safeguards in accordance with applicable Vietnamese personal data protection requirements.
10. Data retention
We retain personal data only for as long as necessary for the relevant processing purposes, unless a longer retention period is required or permitted by law.
Indicative retention periods are as follows:
| Type of data | Expected retention period | Purpose |
|---|---|---|
| Customer contact information | Until the request is completed or for as long as necessary for customer support | Contact and customer support |
| Order data | Up to 5 years or as required by law | Order management, reconciliation, accounting, and tax |
| Accounting records, invoices, and supporting documents | According to accounting and tax law requirements | Legal compliance |
| Marketing consent | Until you withdraw your consent or unsubscribe | Managing marketing preferences |
| Cookie and website analytics data | According to our Cookie Policy and each tool’s settings | Website analytics and performance measurement |
| Security camera data, where applicable | According to internal retention cycles, unless longer retention is needed for incident handling | Security and incident handling |
| Backup data | According to internal backup cycles | System recovery when needed |
When data is no longer necessary, or when a valid request is received, we will delete, anonymize, or restrict the processing of data in accordance with applicable law and technical feasibility.
11. Your rights
Under personal data protection regulations, you may have the following rights:
- The right to be informed about personal data processing activities;
- The right to give or refuse consent to personal data processing where consent is required;
- The right to withdraw consent previously provided;
- The right to request access to or information about your personal data;
- The right to request correction or updating of inaccurate data;
- The right to request deletion or restriction of processing within the limits permitted by law;
- The right to object to personal data processing in certain cases;
- The right to stop receiving marketing communications;
- The right to complain, report violations, initiate legal action, or claim compensation in accordance with applicable law if your rights are affected.
12. How to exercise your rights
To exercise your rights relating to personal data, you may contact us at:
- Dulce de Saigon
- Contact person: Jamie, Owner
- Current address: 382/15 Nguyen Thi Minh Khai Street, Ban Co Ward, Ho Chi Minh City, Vietnam
- Previous reference address: 382/15 Nguyen Thi Minh Khai Street, Ward 5, District 3, Ho Chi Minh City, Vietnam
- Email: hello@dulcedesaigon.com
- Phone: +84 903 305 993
When we receive your request, we may need to verify your identity before processing the request. We will make reasonable efforts to respond to valid requests within an appropriate timeframe and in accordance with applicable law.
13. Data security
We apply reasonable measures to protect personal data, including:
13.1 Technical measures
- Using secure HTTPS/SSL connections;
- Keeping the website, plugins, systems, and related software up to date;
- Restricting access to administration systems;
- Using strong passwords and additional authentication where possible;
- Performing regular data backups;
- Monitoring and addressing security risks when detected.
13.2 Organizational measures
- Allowing only authorized personnel to access necessary data;
- Providing staff guidance on customer data protection;
- Managing access rights based on roles;
- Applying confidentiality requirements to relevant providers or partners where appropriate.
14. Data incident response
If we detect an incident that may affect personal data, we will take appropriate steps, including:
- Identifying and isolating the incident;
- Securing the system and limiting further damage;
- Assessing the type of data and number of users that may be affected;
- Notifying the competent authority within the legally required timeframe if the incident is subject to notification;
- Notifying affected customers where necessary;
- Recording, reviewing, and improving protection measures to reduce the risk of similar incidents.
15. Children’s privacy
Our services are not directed to children under 16 years old. We do not knowingly collect personal data from children without appropriate consent from a parent or legal guardian as required by law.
If you believe that a child has provided personal data to us without appropriate consent, please contact us for assistance.
16. Marketing communications
We only send marketing information, newsletters, promotions, or direct advertising content where there is an appropriate basis, including your consent where required by law.
You may unsubscribe or request to stop receiving marketing communications at any time by:
- Clicking the unsubscribe link in an email, where available;
- Following opt-out instructions in a message, where available;
- Contacting us directly.
Email, message, or call-based marketing activities, where applicable, will be conducted in accordance with laws on anti-spam, advertising, and personal data protection.
17. Cookies and tracking technologies
We use cookies and similar technologies to help the website function properly, improve user experience, analyze website traffic, and support marketing activities where you have given consent.
You can find more detailed information in our Cookie Policy available on the website.
18. Third-party links
Our website may contain links to third-party websites, ordering platforms, delivery platforms, social media platforms, or services.
We do not control the privacy policies or data processing practices of those third parties. You should read the privacy and cookie policies of third parties before providing personal data to them.
19. Business customers and B2B partners
For business customers, wholesale partners, or suppliers, we may process additional data such as:
- Company name;
- Tax code;
- Billing address;
- Representative or contact person;
- Contract, transaction, payment, and delivery information.
This data is processed for the purposes of managing business relationships, quotations, contract signing and performance, invoicing, delivery, accounting, and legal compliance.
20. Updates to this Policy
We may update this Privacy Policy when:
- There are changes to the website, products, or services;
- There are changes in how we collect, use, store, or share data;
- There are changes to service providers or third-party tools;
- There are changes in applicable legal requirements;
- We improve our security and data management processes.
The latest version will always be published on this page. If there are significant changes, we may provide additional notice on the website or through an appropriate contact channel.
21. Competent authority
If you believe that your personal data is being processed improperly, you have the right to complain, report violations, or contact a competent authority in accordance with Vietnamese law.
Depending on the case, the competent authority may include the Ministry of Public Security, the Department of Cybersecurity and High-Tech Crime Prevention and Control, or another competent state authority as prescribed by law.
22. Reference definitions
In this Policy:
- “Personal data” means information relating to an identified or identifiable individual.
- “Personal data processing” means one or more activities affecting personal data, including collection, recording, analysis, confirmation, storage, modification, disclosure, combination, access, retrieval, recovery, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, destruction of personal data, or other related actions.
- “Consent” means your voluntary, clear, and informed permission for the processing of your personal data.
- “Third party” means another organization or individual that may participate in the processing of personal data in accordance with applicable law.
23. Language
This Policy may be provided in both Vietnamese and English. In case of any discrepancy between the two versions, the Vietnamese version shall prevail.