PERSONAL DATA PROTECTION & PROCESSING POLICY

“Company”
Last updated: August 25, 2024

1. GENERAL PRINCIPLES

1.1 This Personal Data Protection and Processing Policy (“Data Policy”) describes how our subsidiaries, affiliates (“We/Us”), and third parties collect, use, store, delete, and share User Information in accordance with applicable law (“Processing”), and how we safeguard the personal information of individuals (“Users”) when they access or use the services provided on the website www.moneycoin.app (“Website”) and the Moneycoin App (collectively, the “Services”). This Policy also applies to any of our other sites where it is published. It does not apply to websites that publish statements inconsistent with this Policy.

1.2 Account Services are part of the Services and include, without limitation, creating an account on the Website and the Moneycoin App provided by us, enabling Users to sign in and use features and tools on the Website and the App.

1.3 All User Information arising from the Services will be: processed and protected under this Data Policy and applicable laws; processed strictly for the Purposes defined in Section 2; collected appropriately and limited to what is necessary for those Purposes; not bought or sold in any form; updated or supplemented by Users as needed for the Purposes; protected with security measures during Processing (including protection against personal data violations and against loss, destruction, or damage); and retained only for a period appropriate to the Processing Purposes unless otherwise required by law. We bear no obligation or responsibility for Processing of User Information that arises from credit-granting activities carried out by lenders, sellers, insurers, credit-card issuers, and other financial product providers (“Providers”) in their relationship with Users.

1.4 We act as data controller and processor of User Information for the purposes of this Data Policy; our subsidiaries and affiliates may act as processors.

1.5 By accessing and/or creating an account on the Website and/or Moneycoin App, agreeing to answer questions within the App, and clicking “I agree” to these Terms (or expressing consent in any other reproducible format), you consent to our Processing of all User Information to provide Services and/or to request offers from Providers.

1.6 IF YOU DO NOT AGREE to our Processing of your User Information as described in this Policy, do not access or use the Website and/or Moneycoin App.

1.7 We may amend this Policy at any time. Depending on the purpose, scope, and content of an amendment, we may notify Users and obtain consent as described in Section 1.4 or as required by then-applicable personal data laws.

1.8 User Information means information in electronic form (symbols, text, numbers, images, audio, or similar) linked to or identifying a specific person. It includes basic and sensitive personal data under current law that Users provide in connection with the Services, such as: name, date of birth, gender, nationality, portrait image; national ID/ citizen ID/ passport number, issuance date/place valid at account registration; face photo/screenshot at the time of registration; permanent/temporary/current address, postal address, email, phone number, occupation, family relationship data (parents, children), bank account/e-wallet details and account holder name; as well as other information Users provide directly on our Website and/or Moneycoin App or Moneycoin Chatbot.

1.9 Purposes of collecting User Information to provide our Services include, without limitation:

• Receiving requests and comparing loan offers, introducing insurance products, credit cards, and other financial products (Provider Services) to Users;

• Providing a free platform that connects Users with Providers;

• Quoting prices for Provider Services so Users can purchase such services; processing payments for products purchased via the Moneycoin App (where legally permitted for us to sell directly);

• Sending advertising/marketing messages, greetings, invitations, and managing lawful participation in our Services or related services via mail, phone, SMS, in-app messages, push notifications, and email. Users may unsubscribe following our instructions from time to time. We comply with applicable laws regarding message/email frequency and marketing calls;

• Responding to comments and questions and providing Services to Users;

• Sending confirmations, invoices, technical notices, updates, security alerts, support, administrative messages, and other Service- or Company-related materials;

• Linking or combining User Information with other personal information;

• Protecting, investigating, and preventing fraudulent, unauthorized, or illegal activities;

• Providing products and services requested by Users.

For any use of User Information not listed above and/or that requires specific consent, we will obtain User approval as described in Section 1.4.

1.10 Users understand that, under current law, we may Process User Information without consent in certain cases, including: emergencies requiring immediate processing to protect life or health of the data subject or others; disclosure required by law; performance of a legal contractual obligation of the data subject; and operations of state authorities as provided by specialized laws.

2. DATA COLLECTION

2.1 We collect only the User Information necessary and appropriate for the Purposes while providing the Services.

2.2 We collect User Information in the following ways:

2.2.1 Information Users provide in connection with the Services:
a) When creating/logging into an account; interacting on the Website, Moneycoin App, or Moneycoin Chatbot; using Services; using biometric identification; authenticating transactions; via customer-care calls/emails; feedback/complaints; surveys or studies, etc.
b) Users understand and agree that calls, messages, and/or other contacts to/from us may be recorded (audio/video, automated or manual) to support request handling, system updates, service quality improvement, and other lawful purposes.
c) Users are responsible for ensuring information is complete, accurate, and up to date to protect their rights under the Services and applicable law. We are not responsible where Users provide inaccurate or incomplete information.
d) For Users under 18 years of age: please ensure your parent/guardian has been informed of this Data Policy and has provided full consent to provide User Information to us and for us to Process it; the parent/guardian agrees to be bound by this Policy and is responsible for the minor’s actions. We may refuse access to or provision/use of Services if we have grounds to believe a minor lacks such parental/guardian consent.
e) If a User provides third-party information to us, the User represents and warrants that the third party has been informed of this Policy and has consented to the User’s disclosure to the Company and to our use as described herein.
f) Users represent and warrant that information provided does not include state secrets, trade secrets, or any information the User is not permitted to disclose by law or by confidentiality agreements.

2.2.2 Information from lawful external sources: We may collect User data from Providers, partners, referral programs, when Users add third-party information in surveys/promotions, and from publicly available sources. When we collect from other sources, we ensure compliance with applicable law.

2.2.3 Information collected automatically: From the moment you interact with the Services, we collect device/computer data. For example, when you visit the Website, we log OS type, browser type/language, referring site, pages viewed, and time spent. We may collect data related to your actions within the Services, including Provider information, your transactions, payment method details (we do not store sensitive payment card data such as full card numbers or legally equivalent authentication codes), device info (IP, OS, browser type, hardware specs, geolocation, referrer URL if any, visit counts, response times, filenames, ad identifiers, and related info, where available).

2.2.4 Cookies collection and use: Cookies are data files stored on a user’s device. We may use session cookies (expire when you close your browser) and persistent cookies (remain until deleted) to recognize your browser/device, learn preferences, provide essential features, and for other purposes. Cookies may include unique identifiers and be stored on your computer/mobile device, in our emails, and elsewhere. Cookies may transmit User Information and Service-usage data to us or our designees. We use Cookies to:
(i) recognize Users upon login to provide recommendations, personalized content, and custom features;
(ii) remember preferences (e.g., language and configurations);
(iii) conduct research/analytics to improve Services; prevent fraud;
(iv) enhance security;
(v) deliver content, including ads, relevant to User interests on our sites and third-party sites;
(vi) measure and analyze Service quality.

Blocking or refusing our Cookies may prevent use of certain Services requiring login or require manual readjustment of preferences upon each visit.

Approved third parties (e.g., search engines, analytics providers, social networks, ad networks) may also set Cookies when you interact with the Services to measure ad effectiveness, deliver interest-based ads, or perform services for us. They may combine data collected with other data they hold. We may not access or control third-party Cookies.

Users can manage Cookies in their browser/device settings, clear history/cache, or limit certain sharing via mobile device settings. If all Cookies are disabled, neither we nor third parties can place Cookies, but you may need to manually set preferences on each visit and some features/channels/services may not function.

3. STORAGE & PROTECTION OF USER INFORMATION

3.1 We use reasonable and appropriate technical and organizational measures—such as firewalls, access controls, and encryption—to store and secure User Information on our servers and to prevent unauthorized access/use. We regularly work with security experts to keep current with cybersecurity best practices. If our systems are attacked and personal data security is at risk, we will comply with legal obligations for remediation and notifications to Users and authorities.

3.2 Users must not use tools, programs, or methods to illegally interfere with our systems or alter data structures; must not disseminate or encourage interference, destruction, or intrusion into Company data; and must not commit acts violating Vietnamese law. Upon detecting violations, we may refer the matter to competent authorities.

3.3 Users are responsible for protecting their account information and must not provide account/password or authentication methods (e.g., OTP) on unauthorized websites, apps, software, or tools. If password recovery is needed and you choose a third party to receive one-time passwords (OTP), you agree to share your account information with that third party and bear responsibility for that sharing.

3.4 We are not responsible for issues arising when Users access Services through tools/interfaces other than the authorized Website or Moneycoin App. The Services may contain links to/from partner networks, advertisers, or Providers; each has its own privacy policy. Storage, security, and use of information provided to those parties are outside our control; we are not liable for their handling. Review their privacy/security policies before providing data.

3.5 We retain User Information to enable continued provision of Services and for as long as necessary to meet the Purposes, legal requirements, or other tasks notified to Users. Retention periods depend on the Purpose. When information is no longer needed for Services/Purposes or we no longer have lawful grounds to keep it, we will handle it in accordance with applicable personal data retention laws.

3.6 User Information may be transferred outside Vietnam for Processing. In such cases, we ensure transfers comply with this Policy and applicable laws.

3.7 Payment information security: Payment card details issued by financial institutions are protected in accordance with applicable legal standards. User payment transactions are processed via the Company’s partner banking systems.

4. SHARING USER INFORMATION

We may share User Information for the Purposes set out in this Data Policy, including with:

• Providers, consultants, marketing partners, research firms, service providers, or other business partners, such as: payment processors/support, AML services, hosting/IT providers, cloud storage providers, advertising partners/ad platforms, data analytics vendors, and research partners (including surveyors or collaborative research projects).

• With User consent—for example, when Users authorize us to share information with third parties for their promotional/marketing purposes (subject to those parties’ privacy policies).

• In connection with or during negotiations of business transactions, including sale or transfer of all/part of our business or assets; mergers, financings, acquisitions, or bankruptcy proceedings.

• For legal, protection, or security purposes.

• To comply with legal requests and processes.

• To protect our lawful rights and property, and those of our agents, customers, and related parties.

• In emergencies, to protect the safety of our employees, agents, or any related parties.

• As aggregated and/or de-identified data with relevant parties.

5. USER RIGHTS

5.1 Users may view, update, and delete certain User Information and interactions with the Website/App. If you cannot access or update information yourself, contact us for assistance. Users may also exercise other rights under law, including: withdraw consent, erasure, restriction, data portability, and objection to processing—by contacting us via the support channels in Section 6. Note that if you withdraw consent, prior Processing by us and related parties before withdrawal remains lawful under current law.

5.2 You may choose not to provide certain information, but you may then be unable to use some Services. Please follow our instructions from time to time.

• Account information: To add, update, or delete account details, follow our current instructions.

• Communications: To stop receiving marketing messages, unsubscribe or adjust your communication preferences per our instructions. To disable in-app notifications, change notification settings in the app or your device.

• Browser/device: Help features usually explain how to prevent accepting new Cookies, how to receive Cookie alerts, or how to disable Cookies entirely.

5.3 Updates/changes/deletions to User Information will not affect other information on our systems or data already shared with third parties under this Policy prior to your request. To protect privacy and security, we take necessary steps (e.g., requiring one-time password verification) to confirm identity before granting profile access or making changes. Users are responsible for keeping passwords and account details confidential.

5.4 Erasure will not apply upon data subject request where:

• Law prohibits deletion;

• Data is processed by competent state authorities for their operations as prescribed by law;

• Data has been made public in accordance with law;

• Data is processed for legal requirements, scientific research, or statistics as permitted by law;

• In emergencies related to national defense/security, public order and safety, major disasters, dangerous epidemics; threats to security/defense short of a declared emergency; prevention of riots/terrorism/crime; or response to emergencies threatening life, health, or safety of the data subject or others.

5.5 Within 72 hours of receiving a User request (or another timeframe required by applicable law), all User Information stored in databases under our control and readily retrievable will be updated, corrected, amended, or deleted to the extent reasonably possible and as required by law.

5.6 In practice, we may be unable to completely delete all information you provided from our systems upon your deletion request. Backups are performed regularly and are necessary to prevent data loss, which means some information may persist in forms that cannot be fully erased or are difficult to identify. However, we commit to ceasing all Processing of such data (other than storage and deletion of data that cannot be erased) within 72 hours of receiving your request, or within another period required by law.