This Privacy Policy (“Policy”) is part of the Terms and Conditions of Service for users of the WorkFlow application provided by WorkFlow Joint Stock Company (“WorkFlow Company”). This Policy elaborates how we collect, receive, store, aggregate, process, use, disclose, and share information from individuals and organizations (“Users”) who access and use our products and services, which are provided through our website, WorkFlow application, and other available interactive channels.

This Privacy Policy may be amended and modified. Users should visit and check in on a regular basis to stay up to speed on the latest updates. WorkFlow Company retains the right to alter, supplement, or modify the terms of this Policy at any time by publishing updates on its official website and/or displaying them on its WorkFlow application.

By continuing to use our products and services after the effective date of changes to this Privacy Policy, Users confirm their consent to the content of such revised and updated Policy.

In this Policy, “WorkFlow Company”, “we”, “our” and “group of companies belonging to WorkFlow company” are understood to refer to Affiliate Companies associated with WorkFlow Company.

User Information: is any information and data that can be used to identify the User or based on which the User is identified and related to/derived from the User’s use of the Service and other information referred to in this Policy, including but not limited to data such as name, nationality, telephone number, payment card and bank details, personal preferences, address, location, images, ID information, date of birth, marital status, insurance information, criminal charges, financial information. In addition, we may gather sensitive information such as race, health, religious views, political viewpoints, biometric data, and other information as needed.

This Privacy Policy includes the following contents:

  • Data and information that we collect.
  • Method that we use User information
  • Method that we share User information
  • User access and choices
  • Contact Information



WorkFlow Company collects necessary data and User Information to ensure the provision and operation of products and services in compliance with legal regulations. Some information is not required, but if not provided, it shall affect the quality and User experience.

1.1 Sorts of information that we collect:

  • Information provided by Users.
  • Information collected automatically.
  • User activity and information generated when Users interact with our Services.
  • Information from other sources such as trading partners and other third parties.

Information provided by Users

We collect any information provided by Users when they register, log in, and interact with our Services via our available interactive channels or third parties, including but not limited to transaction conduct, participation in contests, games, programs, or events, use of biometric features in personal identification or transaction authentication, contact, complaints, implementation survey, investigation, and so on.

Users are responsible for ensuring that the information provided by the User is complete, accurate, and always updated to ensure the User’s rights according to the provisions of the respective use of the Service.

If Users provide information about a third party, they accept responsibility and warrant that they obtained the third party’s full consent and approval, as well as any other consents required by law, for providing information to us and our use of such information in accordance with this Policy and applicable laws.

Automatically collected information

Information is automatically collected when Users perform activities while using our Services, including but not limited to information about parties providing products and services to Users, transaction information performed, (types of product, service, location, time of transaction), payment method (not including detailed card number, CVV number or other authentication code with equivalent legal value), information about the application and device used (IP address, software, operating system, location, browser type, referring website address or visits from available interactive channels, mobile applications, number of visits, feedback, versions, ad formats and related information if any).

The types of devices and information about the application and device we collect and the duration we store them depend in part on the User’s device and settings. For example: Users can enable or disable the device’s location through the device’s settings app…etc.

The other personal information we collect shall depend on the privacy settings that Users have established with their social media provider, on their devices and applications.

User Activity:

We collect information through User’s activities and information generated by Users during interactions with our Services such as searches, videos viewed, viewing activity and interaction with advertising content, third parties with whom the User communicates or shares content, purchasing activities…etc.

To better understand User behavior, we collect information through Cookies from our websites, online services, interactive applications, and third parties. This is for security and fraud prevention purposes, telling us which parts of the website the User has visited, which facilitates and measures the effectiveness of advertising and web searches, thereby remembering the User’s choices and assisting us in providing personalized experiences to Users, such as personalized content recommendations and display, as well as customized features and services. Users can manage browser cookies by following the installation instructions provided by their web browser. The Help feature on most browsers and devices shall tell Users how to prevent their browsers or devices from accepting new Cookies, how to have their browsers notify them when they receive new Cookies, or how to Turn off the Cookies function completely.

Information collected from other sources:

In some cases, we shall collect User information from publicly accessible sources that are available and public on websites and social networks.

User information may also be collected from third parties, including competent state agencies or commercial partners who are service providers, partners implementing potential customer referral programs, partners providing information to fight fraud and crime, partners providing advertising services… etc.

When we collect User Information from other sources, we ensure that such data is transferred to us appropriately and in strict compliance with applicable legal regulations.

1.2 Children

We understand the importance of protecting children’s privacy. In particular, our websites and applications are not designed or directed to children under 13 years old. We never intentionally collect or store information of anyone under 13 years old, except for the case that it’s part of our commitment to providing expert service.

If we become aware that a child’s personal data has been collected without appropriate consent, that data shall be deleted as soon as possible.



We will use User Information in accordance with this Privacy Policy and for the mentioned purposes. We only utilize User Information when we have a valid legal reason to do so, which may vary depending on the circumstances. We may rely on the User’s consent or processing technique that is required to fulfill an engagement with the User, defend the vital interests of the User or others, or comply with the law.

We may also process User Information when we review that the data is in our legitimate interests or those of others, taking into account the users’ rights, interests, and expectations.

It is not our intention to give User Information to any third party for their direct marketing or any other purpose unless we have complied with the procedures permitted by the data privacy laws to do so legally.

User Information is used by us to operate, provide and improve Services, for the purposes of:

Providing, personalizing, maintaining, and improving our Services, including:

  • Providing Services to Users, introducing new Services from us or our partners based on Users’ needs and habits during interaction and/or use of Services.
  • Processing User’s transactions and/or requests related to the use of the Service such as creating, administering, and updating User accounts; verifying and appraising information provided by the User, authenticating identity and carrying out the customer identification process according to the provisions of law; managing, operating, providing and administering the use and activities of the User when using the Service; confirming transactions and making payments; processing and managing the User’s rewards/prizes/offers.
  • Performing necessary activities to provide services, including troubleshooting software errors and operational problems.
  • Conducting data analysis, testing and research, monitoring and analyzing usage trends and User’s activities on our platforms; displaying features that personalize the User’s experience such as identifying preferences, lists of favorite applications and information of interest, and Service recommendations; enabling interactions among Users, between Users and us or affiliated partners, enabling our partners to manage and allocate resources to provide services; recommending, obtaining, providing or facilitating insurance or financial solutions.
  • Carrying out surveys, market research, analyzing data related to types of services, measuring usage, analyzing performance, finding directions to improve and develop Services;

Assisting processing inquiries and support Users: Calls, messages and/or other forms of communication from and/or to us shall be automatically or proactively stored in a form including but not limited to visual recording and aural recording to assist in resolving valid requests from Users, monitoring and improving responses from customer support department, updating information systems and improving service quality.

Performing research and development: performing research, analysis, testing and development activities including but not limited to data analysis, surveys, product and service development and/or customer profiling to analyze how Users conduct activities on our platforms, helping improve Services to enhance the User experience, develop new features, products and services, and facilitate financial and insurance solutions while protecting data, improving and enhancing safety, security and confidentiality.

Performing marketing and promotion: we may contact Users in many forms such as email, phone calls, message services, online messaging for marketing and advertising our services (not excluding products and services of partners developed and provided to Users through WorkFlow application platform).

Ensuring and enhancing safety and security: taking actions to prevent fraud, and criminal acts, ensuring system security, implementing storage, management, and backing up for disaster recovery or for similar purposes; protecting the security or integrity of Services and any facilities/equipment used to provide Services

Preventing fraud and managing risk: taking actions to detect and prevent User identity fraud or any fraudulent, illegal acts related to the use of the Service and criminal prosecution; detecting and preventing wrongdoing, fraud or omissions in connection with Services or any other activities arising out of or related to the relationship between us and Users or partners in providing and using Services; using scoring methods to evaluate and manage risks.

Complying with legal obligations and legal regulations, namely making reports according to legal regulations, and storing transaction data information.

Other lawful purposes are consistent with the goals of Services.

In some situations related with the use of particular Services, and for usage purposes of User Information not stated above and/or needing explicit User consent, we shall request the User’s permission for the use of User Information and it shall be carried out only after obtaining this permission.



We ensure that any transfer of User Information to a company within WorkFlow’s group of companies, a third party, or other law enforcement agency complies with data security laws. When necessary, we will analyze the data recipient’s security and privacy policies to ensure that they apply or are committed to strictly comply with standards equivalent to the principles of this Policy and relevant legal regulations.

3.1 Sharing information within the network of companies in the group of companies belonging to WorkFlow company

We exchange, provide and share User Information with companies within the group of companies belonging to WorkFlow company as part of commitments or to fulfill the requirements of their respective legal obligations.

3.2 Sharing information with third parties

We do not share Users’ personal information with third parties unless required for our legitimate business needs and WorkFlow’s business partners to provide products and services to Users, or research and evaluation to understand the User’s need to use products and services, so that we can fulfill the User’s requests and/or as required or permitted by law, specifically:

Complying with the requirements of competent state agencies or according to the provisions of law.

Sharing User Information with other Users in case the User utilizes interactive tools on available interactive channels; disclosing public information in case the User uses the features of available interactive channels.

We provide and share User Information with partners upon the User’s request or confirmation, via any electronic methods, including interactive channels and other forms. For example, when a User requests a service from our partners or uses a promotion offered by our partners, the User agrees that we may share User Information with such partners, and the Information the User shares with the partner may be transferred to other parties in connection with the User’s use of the Services. Our partners include partners who integrate with our applications or partner systems, transportation service providers, financial partners, and other business partners with whom we collaborate to provide promotions, competitive services, or other special services.

We may provide User Information to suppliers, consultants, marketing partners, research firms and other service providers or other business partners, including payment processors and support department; anti-money laundering services; server service providers, information technology services, cloud storage providers; advertising partners and advertising platform providers; data analytics providers; research partners, including those who carry out surveys or research projects in collaboration with us or on our behalf; insurance, finance and banking partners;

We may exchange, provide and share User Information with third parties who are our consultants, experts, agents or service providers and subcontractors to carry out work and services that appropriately match usage purposes.

We may disclose User account and User Information when we believe it is appropriate to comply with the law, to enforce or apply our terms and other agreements, or to protect the rights, property or security of our company, Users, or any other person. The above tasks may include exchanging information with other companies and organizations to prevent and detect fraud and reduce risk.

In other cases, Users shall receive notice when User Information may be shared with third parties and Users shall have the right to deny sharing information.



Users are not required to provide any information to us, however, we shall ask Users to provide certain information so that Users can receive information about products, services and our events as well as to be able to use our products and services.

Users may view, update and delete certain information about the User’s account and interactions with the Service. In the case that Users are unable to access or update their information themselves, Users can always contact us for support. However, before granting access or providing information to Users, we may request proof of identity and complete information about the User’s interactions with us under our data privacy and security policies.

Users have several options for collecting and using their User Information. Many services offer functionality that allows users to control how their information is used. Users may choose not to disclose certain information, but this may limit their ability to use certain Services. Please refer to the precise instructions on our website and applications from time to time.

Users can request that we stop using or dispatching information for promotional purposes at any time and any moment. Please unsubscribe or adjust preferences according to specific instructions on the website and our applications from time to time. In case Users do not want to receive in-app notifications from us, please adjust the notification settings in your apps or devices.

If the User decides to unsubscribe from the service or withdraws his/her consent or request us to amend or delete your information, we shall strive to delete your information as soon as possible or within the time limit required by law, although we may need to request additional information before we can process the User’s request. In this case, we usually keep a copy of the previous version.

If the User decides to refuse to provide information or withdraws his/her consent, please note that in many cases we shall not be able to provide Services to the User or respond to his/her requests.



Non-disclosure: During the process of using Services we provide, Users have the right to choose whether to provide the User’s Contact List to us so that their experience of using the Services become utmost effective. Besides, at any time, the User also has the sole right to decide to stop providing access to the User’s Contact List information by following the specific instructions on our website and applications at each time.

By storage, security and integrity of data, we commit not to disclose the User’s Contact List to any party and under any circumstances without the User’s prior consent.

Non-disclosure of use: User’s Contact List is used only when the User needs the information of the person in the User’s Contact List to perform one or more Services, or Activities on application or our website.

The usage of the User’s Contact List shall be made solely by the User. We shall not disclose the usage of the User’s Contact List to any third party, for any purpose without the User’s prior consent.



Security is our top priority. Our system is designed to ensure the safety and privacy of User information of Users. All User Information arising from and/or related to Services shall be stored, kept confidential and secured by our system or our service providers under the provisions of law and this Policy.

We shall make our best efforts within possibility to ensure that User Information is protected and is not illegally or accidentally accessed, processed or deleted. We have appropriate technical and security measures in place and shall maintain reasonable security standards, ensuring that only certain individuals who have access to the data we process are authorized to delete or destroy this information.

User Information shall be stored by us for a required period to fulfill the purposes of using the information as mentioned in this Policy, ensuring Users the ability to continuously use Services, except when there is a requirement or the law requires a longer storage period. We shall take all steps reasonably to ensure that User Information is not retained for longer than the required period and that we shall at all times comply with the requirements of Vietnamese laws and regulations regarding the storage of personally identifiable information.

Certain User Information may be stored, accessed from or transferred to countries outside of Vietnam, or transferred to foreign partners for purposes as described in this Policy. In such cases, User Information shall continue to be protected through contracts we enter into with partners or service providers, which ensures personal data protection provisions according to the standards and regulations of Vietnamese law. We shall also review the information security and privacy policies of these third parties to ensure that they are applying standards equivalent to those under this Policy.

Users are responsible for protecting their account information and do not provide any information related to accounts, passwords or authentication methods (such as OTP codes) to access websites, applications, software and other tools (if any). In case it is necessary to recover the account password, the User agrees to actively choose and allow the third party that the User has chosen to receive the one-time password (OTP). Accordingly, Users agree to share their account information with that third party and are solely responsible for this sharing.

We are not responsible for problems that arise when Users use Services from tools and interfaces other than official websites, applications, or software that are allowed to be used within the scope of the Service. In addition, Services may contain links to and from the services of partner networks, advertising agencies or their affiliates. Please note that each party shall have its privacy policy and the storage, security, and use of information provided to these parties is beyond our scope of management. Therefore, we shall not take any responsibility or liability for the storage, security and use of this information. Please check the privacy policies, security policies or similar policies of these entities before submitting any personal data to them.



We are committed to protect the privacy of information collected. If you have any questions or requests regarding your data, please contact us at any time by following specific instructions on our website and application.

We shall process the User’s request within 14 days and seek to resolve the issue within one month of receipt. In case the User’s problem is complex or we have a large volume of issues to resolve, we shall notify the User that we need more time to resolve and we shall find a solution within three months of the matter being first raised.

We may accept User’s offer or we may decline the offer for sensible reason. For example, a request to delete transaction data is not acceptable because we must store this data under the Law…etc.