About management of personal information

Luvina Software Joint Stock Company and our group companies (hereinafter referred to as “Luvina Software JSC”) are engaging in social contribution activities through information industry system construction and maintenance service business.

In these corporate activities, Luvina Software JSC, as a company that handles and manages a large amount of personal information in various situations, recognizes the security management of information as an important social responsibility and considers personal information protection to be one of our business priorities, will comply with the Laws on Protection of Personal Information, other related laws and regulations, and the “Management of Personal Information”.

About personal information managed by Luvina Software JSC

It nominates information about living individuals, such as name, date of birth, address, telephone number (including the one displayed when receiving a call), e-mail address, contact information, and other descriptions contained in the information, which identify a specific individual, and information that can identify a specific individual from the information alone (personal identification information), such as physical appearance, fingerprints, voiceprint data, and health insurance number.

The personal information managed by Luvina Software JSC is as follows.

  • Information received from business partners
    • Information received from business partners during entrusted dutiesInformation received accompanied by contracts with business partners in order to provide services
  • Personal information related to business partners themselves
    • Information of person in charge of various transactions
    • Information of people who participated in or visited events, seminars, etc
    • Information regarding visitors to Luvina Software JSC
    • Information regarding various inquiries
    • Other information (will be used for other purposes for which we have been notified in advance and for which approved by the customers)
  • Information regarding Luvina Software JSC executives・employees and their families
    • Job applicant information・Recruitment applicant information・Human resources recruitment information
    • Information about Luvina Software JSC employees


About the purpose of using personal information managed by Luvina Software JSC

  • Personal information managed by Luvina Software JSC will be used within the scope of the following purposes which was determined and notified in advance.
    • Information received from business partners
      • Storage and use of personal information (information processing, etc.) based on outsourcing contracts
      Personal information related to business partners themselves
      • Business processing such as contracts, billing, payments, etc. and business communications
      • Responding to inquiries and requests from business partnersGuidance regarding events such as product information sessions and exhibitions
      • Requests for customer satisfaction surveys, etc.
      • Use for other purposes for which we have been notified in advance and for which approved by the customers
    • Information regarding Luvina Software JSC executives・employees and their families
      • Employment selection operations, joining procedures
      • Employment management, attendance management, wage management
      • Notifications, reports, and document creation based on laws and regulations
      • Benefit system, safety management
      • Education and Training
      • Emergency contact etc.
  • Personal information that is no longer needed will be promptly and appropriately deleted and disposed of.

About provision to third parties

  • Luvina Software JSC will not provide or disclose the acquired personal data to any third party except in the following cases.
    • In the case of having consent of the person in question
    • In the case that is necessary to provide based on laws and regulations
    • In the case that is necessary for the protection of a person’s life, body or property, and the case that is difficult to obtain the consent of the person in question
    • In the case that is necessary to cooperate with national institutions or local governments, etc. in carrying out public affairs, and there is a risk that obtaining the consent of the person in question may impede the execution of the said affairs
    • In the case that is difficult to obtain the consent of the person in question, we will notify the person in advance of the following six details or matters that are equivalent or greater based on procedures stipulated by laws and regulations, or take equivalent measures in place of it.
      • The purpose of use is to provide to a third party
      • Categories of personal information provided to third parties
      • Ways or methods of provision to third parties
      • To stop providing personal information that can identify the person to a third party in response to the person’s request etc
      • Acquisition method
      • Methods of accepting requests from the person in question
    • In the case of information regarding the officers and shareholders of a corporation or other organization that is included in the information regarding the corporation or other organization, and provide information that has been disclosed or made public by the person or the corporation or other organization itself, we will notify the person in advance of the six details listed in Section 6 above, or the person is made easily aware of it.
  • Notwithstanding the provisions of the previous regulation, in the following cases, the person to whom the information is provided shall not fall under the category of a third party.
    • When our company entrusts all or part of the management of personal information to the extent necessary to achieve the purpose of use.
    • In the case when personal information is provided accompanied with business inheritance due to merger or other reasons
    • In the case when personal information is to be used jointly with specific persons, and the person is notified in advance or placed in a condition to be easily aware of a statement to that effect as well as the items of jointly used personal information, the scope of joint users, the usage purpose of the user, the name of person responsible for the management of the personal information.


About entrustment of personal information, etc.

In order to accomplish entrusted duties, we may entrust the managing of received personal information, etc. to a third party. In this case, Luvina Software JSC will select a company that meets a sufficient level of protection of personal information and will entrust the duties after obtaining the consent of the business partner. In addition, we will conclude contracts regarding the protection of personal information with subcontractors, ensure that appropriate safety management measures are taken in accordance with laws and regulations and Luvina Software JSC’s standards, and implement appropriate supervision. Furthermore, after the entrustment is completed, we will take back the personal information from the entrusting company.

About disclosure, correction, suspension of use, etc. of registered contents

If we receive a request from an individual for disclosure of personal data held by Luvina Software JSC, we will respond to the disclosure after confirming the identity of the person making the request. In addition, if we are unable to comply with request for disclosure based on laws and regulations, in the following cases, or if the relevant retained personal data does not exist, we will respond to that effect when you contact us..

As a fee for procedures such as disclosure, we may charge an amount equivalent to the actual expenses such as communication charges and postage costs (up to 2,000 yen).

  1. In the case when there is a risk of harming the life, body, property, or other rights and interests of the person or a third party.
    1. In the case when there is a risk of significant obstacle to the proper implementation of our operations.
    1. In the case when it would violate other laws and regulations.

Safety management measures for personal information

Regarding the handling of information, including personal information, we have implemented a management system that complies with the requirements of the Japanese Privacy Mark and Information Security Management Systems.

1. Formulation of basic policy

To ensure proper management and handling of personal data, we have established and published a “Personal Information Protection Policy.”

  • Establishment of regulations regarding the handling of personal data

In addition to company-wide regulations regarding personal information protection and information security, we have established and thoroughly enforced security rules for each project, especially in operations that involve managing information systems.

  • Security control measures of organization

a)       Appointing a manager and running security meetingsb)      Developing and carrying out security policies (regulations, by laws) based on information security policy.

  • Establishing personal information handling ledger for operations that deposit and acquire personal information.

d)      Evaluating, reviewing, and enhancing safety management measures through self-inspections, internal audits, and management review processes.

e)       If an incident or violation regarding information security is detected, a task force will be established and legal measures will be taken against the violators of rules of information security.

4. Human safety management measuresa)      

Confidentiality when handling personal information·    Collecting written pledges from employees.

  • Signing confidentiality agreements for partner companies and vendors

b)      Employee education and training

Improving the level of information security by conducting education for all members four times a year through the mean of e-learning, etc.

  • Physical security control measures
    • Setting security levels and controlling entry and exit through the usage of IC cards
    • Implementing anti-theft measures using locked storage of confidential documents and media, and clear policies and wire locks for portable PCs
    • Implementing power outage and disaster prevention measures and establishing a terminal room dedicated to operations on production environment which has access to the confidential information
  • Technical security control measures
  • Carrying out personal authentication at the time of access using password, IC card, and fingerprint authentication

b)      Minimizing the number of personnels who are granted access and implementingthe access controlc)      

Managing access scope and setting access priviledge according to job resposibilitiesd)     

Acquiring and storing accessed records and accessed logs. Monitoring and checking against work recordse)      

Applying and updating automatically antivirus definitions (DAT) and security patchesf)       

Encrypting and applying electronic transmission for transfering media, using VPN and secure email for communicationg)      Prohibiting the usage of operational data, if necessary, it will be operated by authorized persons and in supervised areas.

7. Supervision of employees and contractors

  1. Applying TV monitoring and internet access restrictions in monitored areas

b)      Appointing chief information security officer for the contractors, carrying out periodical training, and audit of outsourcing operations.

Security of sites

We are currently using data encryption technology called SSL as a security measure to prevent network eavesdropping for those who register personal information on our website. Although we will take reasonable care in personal information management, due to the nature of the Internet and e-mail, we cannot completely guarantee the total confidentiality of personal information. Please keep this in mind when using the website and email.

Handling of cookies

The information will be used for our advertising activities, marketing activities, and the development and improvement of our services.

The collection of cookies and analysis services and advertising distribution services used by our company are as follows. a) Analysis of website usage status, etc.

※Google Analytics
Our company uses Google Analytics, a service provided by Google Inc., which uses cookies, etc. to statistically collect and analyze access information of visitors on our website.

For information on the data collection and processing mechanisms provided by Google Analytics, please check the information provided by Google (www.google.com/intl/ja/policies/privacy/partners/)

※ If you do not want your data to be collected by Google Analytics, you can opt out (disable) Google Analytics in your browser’s add-on settings. ※

To opt out Google Analytics, please install the “Google Analytics Opt-out Add-on” and change your browser’s add-on settings.

b) Collection and usage of email magazine subscribers’ opening status and browsing history, etc

※Vtiger One
Our company uses Vtiger One, a service provided by Vtiger, which uses cookies, etc. to collect and analyze information of those who subscribe to our e-mail newsletter.

For information on how Vtiger One collects and processes data, please check the information provided by Vtiger (www.vtiger.com/ja/policy-legal-center/privacy-policy/)

Handling of personal information for individual product and service

There are cases when information regarding the handling of personal information such as the purpose of use, provision to third parties, security, contact information, etc. for each product, service, etc. on websites, e-mails, and other types of information regarding each product or service may be determined individually. In such cases, when there are special provisions or provisions that differ from this document, we will prioritize applying the term regarding the handling of personal information stipulated for each product, service, etc.

Document language

This document is written in Japanese, translated into English, Vietnamese. The Japanese version is the original, other version is created for reference only. Therefore, if there is a conflict between the language versions, the Japanese version will take precedence.

Revision

This document is subject to change without notice due to revisions of related laws and regulations, changes in Luvina Software’s policies, etc.

Date of enactment: 2004/7/1

Latest revision: 2023/ 10/1

Contact information

Luvina Software Joint Stock Company

Headquarter in Hanoi

4th Floor, Hoa Binh Tower, 106 Hoang Quoc Viet,

Cau Giay District, Hanoi, Vietnam. +84-366-496-399  (※Japanese supported)

[email protected]