Privacy Policy

1. Introduction

This Policy is designed to provide transparency regarding the collection, use, storage, and protection of personal data, and to ensure compliance with applicable laws, including:

• Law on Personal Data Protection No. 91/2025/QH15;
• Decree No. 356/2025/ND-CP;
• Other relevant legal regulations as amended from time to time.

Personal data processing shall only be carried out on a valid legal basis, including the valid consent of the data subject in accordance with applicable law.

2. Data Controller Information

• Organization name: Omi Group Joint Stock Company (OmiGroup)
• Address: Hanoi, Vietnam
• Email: info@omigroup.vn
• Phone: (+84) 24 6664 4599
• Data protection contact person (DPO): dpo@omigroup.vn

3. Purposes and Scope of Data Collection

This website is managed by Omi Group Joint Stock Company (“OmiGroup”). When users access the Website, certain technical information may be automatically collected, including IP address, domain name, device type, browser, and browsing behavior. OmiGroup also uses cookies and similar technologies to support Website operations, analyze user behavior, and improve the user experience.

Personal data may be collected in the following cases:

• When users submit requests for contact, consultation, or cooperation;
• When users subscribe to updates or newsletters from OmiGroup;
• When users access and use the Website;
• When users participate in surveys, programs, events, or other activities organized by OmiGroup.

The types of data that may be collected include:

• Full name, email address, phone number;
• Organization/company name (if any);
• Contact content or request details;
• Technical data: IP address, device, browser, browsing behavior.

OmiGroup only collects personal data to the extent necessary to fulfill the notified purposes and on grounds consistent with applicable law.

Sensitive Personal Data

OmiGroup does not collect sensitive personal data by default through the Website.

In certain specific cases related to consultation, cooperation, or solution implementation (for example, in digital health), OmiGroup may receive or process sensitive personal data, including:

• Health or medical information;
• Biometric data (if any);
• Personal identification information (ID card/citizen ID/passport);
• Financial information (where necessary for services/cooperation);
• Detailed location data;
• The data belongs to projects containing sensitive personal information of third parties.

Sensitive personal data shall only be processed with the separate consent of the data subject and shall be subject to enhanced security measures in accordance with applicable law.

4. Scope of Use of Information

OmiGroup processes users’ personal data for the following purposes:

• Receiving, handling, and responding to user requests;
• Providing information about OmiGroup’s products, services, and activities where the user has consented;
• Analyzing and improving Website quality and user experience;
• Ensuring system security and safety, and preventing fraud;
• Complying with legal obligations.

Personal data shall only be processed within the scope of the notified purposes and on a lawful basis in accordance with applicable regulations.

5. Data Retention Period

Personal data shall be retained for as long as necessary to fulfill the processing purposes and comply with applicable legal requirements.

6. Disclosure of Personal Data

OmiGroup undertakes not to provide, disclose, or trade customers’ personal information to third parties. Personal data shall only be shared in the following cases:

• With the user’s consent;
• With service providers engaged by OmiGroup (including, without limitation, storage, infrastructure, data analytics, and marketing), to the extent necessary and subject to confidentiality obligations;
• At the request of competent state authorities;
• To protect OmiGroup’s lawful rights and interests in accordance with the law.

Recipients of data may only process the data for the authorized purpose and may not use it for their own purposes.

7. Cross-Border Transfer of Personal Data

Personal data may be stored or processed outside Vietnam where necessary for OmiGroup’s operations, including the use of international technology services.

Such transfer shall be carried out based on:

• A lawful basis in accordance with applicable regulations;
• Compliance with impact assessment and data protection obligations, where applicable;
• Implementation of necessary security measures to ensure data safety.

OmiGroup undertakes to fully comply with applicable laws on cross-border transfer of personal data.

8. Security of Personal Data

OmiGroup applies appropriate technical and organizational measures to protect users’ personal data throughout the collection, processing, and storage lifecycle. Such measures may include, but are not limited to:

• Use of encryption mechanisms (HTTPS/TLS) to protect data in transit;
• Passwords are hashed according to security standards and not stored in plaintext;
• Periodic data backups and recovery capabilities in the event of incidents;
• Access control systems with role-based permissions to prevent unauthorized access;
• Regular system monitoring to detect and prevent unauthorized access;
• Security awareness training for relevant personnel;
• Establishment and operation of internal incident response procedures.

9. User Rights

Users have rights in relation to their personal data under applicable law, including the right:

• To be informed of personal data processing activities;
• To consent or refuse consent, and to withdraw consent to the processing of personal data;
• To access, correct, or request correction of personal data;
• To request provision, deletion, or restriction of personal data processing, and to object to processing;
• To lodge complaints, denunciations, initiate lawsuits, and request compensation in accordance with the law;
• To request competent authorities or related organizations, entities, and individuals involved in personal data processing to implement measures and solutions to protect their personal data in accordance with the law.

Users may exercise the above rights by sending a request to: dpo@omigroup.vn. We will receive and process such requests in accordance with the timelines and procedures prescribed by law.

10. Cookies and Tracking Technologies

OmiGroup uses cookies and similar tracking technologies to support Website operations and enhance the user experience. Cookies are used to:

• Ensure stable and continuous Website operation;
• Analyze traffic and browsing behavior to improve content and system performance;
• Support marketing activities, if any.

Users may manage, restrict, or refuse cookies through browser settings or cookie-management tools integrated into the Website, if available.

11. Contact Information

If you have any questions, requests, or complaints regarding personal data processing, you may contact us as follows:

• Organization name: Omi Group Joint Stock Company
• Email: dpo@omigroup.vn
• Website: www.omigroup.vn
• Phone: (+84) 24 6664 4599

12. General Provisions

This Policy is governed and interpreted in accordance with Vietnamese law, including Law on Personal Data Protection No. 91/2025/QH15, Decree No. 356/2025/ND-CP, and related legal instruments as amended, supplemented, or replaced from time to time.

Users have the right to lodge complaints with the competent state authority for personal data protection in accordance with applicable law.

OmiGroup reserves the right to amend or supplement this Policy at any time. Updated content shall be published on the Website and shall take effect from the time of posting.

Effective date and version: This Policy is Version 2.0 and is effective from 01/05/2026.