1. DATA CONTROLLER

Legal name: WiGroup Joint Stock Company

Business registration number: 0315769712

Address: 23 Street No. 53, An Phu Ward, Thu Duc City, Ho Chi Minh City, Vietnam

Email: tuvan@wigroup.vn

Hotline: 1900 3109

2. SCOPE OF APPLICATION

This Policy applies to all individuals and organizations accessing and using WiData's products and services, including: website wigroup.vn and its subdomains; WiData Terminal (web); WiData Excel Add-in for Microsoft Excel; WiData API and integrations; customer support channels.

3. DATA WE COLLECT

3.1. Account Identification Data

When registering an account, we collect: full name; email address; phone number; organization name and job title (for corporate clients); username; password (encrypted — we do not store passwords in plain text).

3.2. Usage and Behavioral Data

To improve product quality and user experience, we collect data on how you interact with our services:

• Features and tools used (charts, dashboards, filters, reports viewed)
• Frequency and duration of feature usage
• Search queries, stock codes, industries, and companies of interest
• In-app interaction journeys, errors encountered, and page load performance
• Metadata of self-created reports and dashboards, and file export history (we do not access your created content)

This data is used to: detect and fix product bugs; prioritize frequently requested features; optimize performance and user experience. We process this data primarily in aggregated form (combined, non-identifying), not for building individual profiles for financial assessment or targeted advertising.

3.3. Technical and Device Data

IP address, approximate geographic location (province/city level); device type, operating system, browser, language; device identifier, session ID; access logs (timestamp, API endpoint, response status code).

3.4. Payment Data

Credit card/bank account information is processed directly through payment gateways [VNPay/MoMo/...] compliant with PCI-DSS standards. WiData does not store card or bank account details. We only retain summarized transaction records (transaction ID, amount, timestamp, status) for accounting and customer support purposes.

3.5. Data You Voluntarily Provide

Content of support requests via email, hotline, or chat; survey responses and product reviews; reports, notes, and content you create within the system.

4. PURPOSE AND LEGAL BASIS FOR DATA PROCESSING

We process your personal data based on the following legal grounds (pursuant to PDPL 2025):

• a) Contract Performance: Providing accounts, login authentication, technical support, payment processing, and data access rights according to subscription plan.
• b) Your Consent: Sending marketing emails, market analysis newsletters, and event invitations. You may withdraw consent at any time via the unsubscribe link in our emails or by contacting tuvan@wigroup.vn.
• c) Legitimate Interests of WiGroup: Improving products through aggregated usage behavior analysis, fraud detection, system security, and internal analytics.
• d) Legal Compliance: Fulfilling requirements from competent State authorities as required by law; retaining accounting and tax records.

5. DATA SHARING WITH THIRD PARTIES

WiGroup does not sell your personal data. We only share data in the following circumstances:

5.1. Service Providers (Sub-processors)

The following partners support service operations and are only permitted to process data under our instructions, adhering to equivalent security standards:

• Cloud infrastructure: [AWS — specific region]
• Usage analytics: [Google Analytics 4]
• Payment gateways: [VNPay / MoMo / ...]

5.2. Legal Requirements

When there is a lawful written request from a competent State authority in accordance with Vietnamese law.

5.3. Business Transfers

In the event of a merger, acquisition, or partial business transfer, data may be transferred to the successor entity, with a commitment to maintain equivalent protection standards and prior notification to affected users.

6. CROSS-BORDER DATA TRANSFERS

Some of our infrastructure and analytics services operate at data centers outside Vietnamese territory. Cross-border data transfers comply with Article 25 of the PDPL 2025 and Decree No. 356/2025/ND-CP, with the following measures:

• Data processing agreements with binding confidentiality clauses
• Data encryption in transit (TLS 1.2+) and at rest (AES-256)
• Preparation and retention of cross-border data transfer impact assessment records as required

7. DATA RETENTION AND SECURITY

7.1. Retention Periods

• Account data: For the duration of the active account and 12–24 months after deletion, for dispute resolution and legal obligations
• Transaction data and financial records: 10 years as required by accounting law
• Aggregated behavioral data (non-identifying): May be retained longer for statistical purposes
• Technical access logs: 12 months

7.2. Security Measures

We apply the following technical and organizational measures to protect data:

• Data encryption in transit (TLS 1.2+) and at rest (AES-256)
• Access control based on the principle of least privilege
• Two-factor authentication (2FA) for administrative accounts
• 24/7 security monitoring and intrusion detection
• Regular security audits and sub-processor reliability assessments
• Annual employee training on personal data protection

8. YOUR RIGHTS

Under the PDPL 2025, you have the following rights regarding your personal data:

• Right to be informed: To know about the processing of your personal data
• Right to consent / object: To consent or decline data processing
• Right of access: To request a copy of your personal data being processed
• Right to rectification: To request correction of inaccurate data
• Right to erasure: To request deletion of personal data in legally specified cases
• Right to restrict processing: To request a temporary suspension of processing in certain circumstances
• Right to data portability: To receive your data in a machine-readable format and transfer it to another controller
• Right to object: To object to data processing in certain cases
• Right to lodge a complaint, report, or initiate legal proceedings: As provided by law
• Right to claim compensation: Where there has been a violation of personal data protection
• Right to self-protection: As provided under the Civil Code and related legislation

To exercise any of the above rights, please submit your request to tuvan@wigroup.vn. We will respond within 72 hours of receiving your request, in accordance with Decree No. 356/2025/ND-CP.

You also have the right to lodge a complaint with the Department of Cybersecurity and High-Tech Crime Prevention (A05) — Ministry of Public Security, if you believe your rights have been infringed.

9. COOKIES AND SIMILAR TECHNOLOGIES

We use cookies and similar technologies to operate our website and application:

• Strictly Necessary Cookies: Login, session security, shopping cart. Cannot be disabled
• Performance Cookies: Measuring load speed, detecting AWS errors
• Analytics Cookies: Measuring feature usage (via [Google Analytics 4/Mixpanel])
• Marketing Cookies: Only activated upon your consent

You can manage cookie preferences via the banner displayed on your first visit or via "Cookie Settings" in the website footer.

10. SECURITY INCIDENT RESPONSE

In the event of a security incident affecting personal data, we commit to:

• Detection and classification within 24 hours of discovery
• Immediate containment to limit the scope of impact
• Notifying affected data subjects within 72 hours of discovery, as required by the PDPL 2025
• Reporting to the competent State authority in accordance with regulations
• Post-incident remediation and reporting: Investigation of root causes, disclosure of improvement measures

11. POLICY UPDATES

We may update this Policy from time to time. Material changes will be communicated via email or a prominent notice on our website at least 30 days before taking effect. The current version is always published at wigroup.vn with a clear effective date.

12. CONTACT US

For any requests, questions, or complaints related to personal data:

Email: tuvan@wigroup.vn

Hotline: 1900 3109

Address: WiGroup Joint Stock Company, 23 Street No. 53, An Phu Ward, Thu Duc City, Ho Chi Minh City