Updating the protection of consumers’ personal information when accessing the DILAVI.VN Website (Article 68 to Article 73 of Decree 52/2013 / ND-CP)
Article 68. Responsibility to protect consumers’ personal information
1. In the course of e-commerce business activities, if traders, organizations or individuals collect consumers’ personal information, they must comply with the provisions of this Decree and the provisions of this Decree. Relevant laws on protecting personal information.
2. In cases where traders, organizations or individuals conducting e-commerce business authorize a third party to collect and store personal information of consumers:
a) The contract between the two parties must clearly define the responsibilities of each party in complying with the provisions of this Decree and relevant legal provisions on the protection of personal information;
b) If the contract between the two parties does not specify the responsibilities of each party, the traders, organizations and individuals conducting e-commerce business are responsible in case of collecting, storing and using information. Personal information of consumers violates the provisions of this Decree and relevant legal provisions on the protection of personal information.
Article 69. Policies to protect consumers’ personal information
1. Traders, organizations and individuals that collect and use consumers’ personal information must formulate and publicize a personal information protection policy with the following contents:
a) Purpose of collecting personal information;
b) Scope of using the information;
c) Time of information storage;
d) People or organizations may have access to that information;
d) Address of the information collection and management unit, including ways of contact so that consumers can inquire about the collection and processing of information related to themselves;
e) Methods and tools for consumers to access and correct their personal data on the e-commerce system of the information collection unit.
2. The above content must be clearly displayed to consumers before or at the time of collecting information.
3. If the information collection is done via the e-commerce website of the information collection unit, the personal information protection policy must be publicly announced at a conspicuous location on this website.
Article 70. Obtaining permission from consumers when conducting information collection
1. Except for the case specified in Clause 4 of this Article, traders and organizations that collect and use consumers’ personal information on e-commerce websites (referred to as information collection units) must obtain the Consumers’ prior consent has that information (referred to as the information subject).
2. The information collection entity must establish a mechanism for the information subject to express consent clearly, through online functions on the website, email, text messages, or other means. by agreement between the two parties.
3. The information collection unit must have a separate mechanism for the information subject to choose whether or not to use their personal information in the following cases:
a) Sharing, disclosing and transferring information to a third party;
b) Use personal information to send advertisements, product descriptions and other commercial information.
Information-gathering units do not need prior consent of information subjects in the following cases:
a) Collecting personal information that has been published publicly on e-commerce websites;
b) Collecting personal information to sign or perform goods and service purchase and sale contracts;
c) Collecting personal information to calculate prices and charges for using information, products and services on the network environment.
Article 71. Use of personal information
1. The information-collecting units must use consumers’ personal information strictly according to the notified purposes and scope, except for the following cases:
a) Having a separate agreement with the information subject on the purpose and scope of use in addition to the notified purposes and scope;
b) To provide services or products at the request of the information subject;
c) To perform obligations as prescribed by law.
2. The use of information specified in this Article includes the sharing, disclosure and transfer of personal information to a third party.
Article 72. Ensuring safety and security of personal information
1. Information collection units must ensure safety and security for personal information they collect and store, preventing the following acts:
a) Stealing or gaining unauthorized information;
b) Unauthorized use of information;
c) Illegally changing or destroying information.
2. The information collection unit must have a mechanism to receive and resolve consumer complaints related to the use of personal information for the wrong purpose or the notified scope.
3. In the event that an information system is attacked which creates a risk of consumer information loss, the information storage unit must notify the relevant authorities within 24 (twenty-four) hours after incident detection.
Article 73. Checking, updating and adjusting personal information
1. Information subjects may request information collection units to inspect, update, adjust or cancel their personal information.
2. The information collection unit is obliged to inspect, update, adjust and cancel personal information of the information subject upon request or provide the information subject with tools for self-examination. update, adjust your personal information.