Privacy Policy

1. Scope of this Privacy Policy and MISA’s Role
As a technology company, MISA provides this Privacy Policy (“Privacy Policy”) to explain how MISA collects, uses, shares, or processes information collected through the products and services that MISA provides. MISA Joint Stock Company and its parent companies, subsidiaries, affiliates, branches, or representative offices are hereinafter referred to as “MISA”. This Privacy Policy is valid worldwide. For some specific software, MISA may supplement some other privacy policies (if any).
This Privacy Policy describes the purposes and means by which MISA processes personal data as a ‘data controller’ (or an equivalent term under personal data protection law at any given time). MISA may share your personal data with its parent company, subsidiaries, affiliates, branches, and representative offices and conduct data processing activities as a controller or co-controller for the purposes set out in this Privacy Policy.
In some cases, your personal data may be processed by multiple data controllers (e.g., your employer or financial partner). In these cases, MISA acts as an independent data controller from the remaining data controllers. Other data controllers independently fulfill their obligations under data protection law. MISA is not responsible for the data processing activities of other data controllers. If you have questions about how other data controllers process personal data, you can contact them directly to learn how they process your personal data and how to exercise your privacy rights.
This Privacy Policy applies when MISA is the data controller. If MISA is the data processor, MISA will process your personal data according to the contracts and agreements between MISA and the data controller (e.g., your employer or financial partner). If you have questions about the processing of personal data that MISA processes as a data processor, please contact the data controller directly to exercise your privacy rights.
2. MISA Software
2.1. MISA Software and your personal data
In this Privacy Policy, “MISA Software” is understood as all software provided by MISA. When you choose to input data into a specific MISA Software or transfer information from MISA Software to a third party (such as a bank or tax authority), you are sharing data with all MISA Software or you agree to transfer information from any MISA Software you are using to a third party. For example, MISA may use your accounting book information from MISA SME, invoice information from MISA meInvoice, and order history information from MISA CukCuk to send to the bank when you request to perform a transaction.
Personal data that MISA uses in this centralized manner may relate to you as an end-user of MISA Software, or as a customer or supplier of a MISA customer whose personal data is included in MISA Software.
2.2. Enterprise Account Information
Some features or business modules in MISA Software are provided based on your relationship with an enterprise (such as your employment relationship with your employer). If you are granted access to MISA Software using an enterprise account (e.g., in MISA AMIS), the administrative account has the right to control and manage your account, such as assigning access rights to you; providing your personal data (e.g., details of your payroll); or requiring you to perform certain actions (e.g., using the location tracking feature to clock in for a shift). If the administrator changes your access rights, you may lose access to information controlled by the enterprise.
Your use of MISA Software as part of an enterprise account may be subject to the enterprise’s policies. These policies may differ from MISA’s Privacy Policy. MISA is not responsible for the security or privacy practices of enterprises, and you should review both the enterprise’s policy and MISA’s policy that grants access to your personal data to the enterprise.
3. Personal Data MISA Collects
The personal data that MISA collects or receives about you depends on your interactions with MISA, how you configure your settings and account, and may include basic and sensitive data depending on the context. How MISA processes your personal data may also depend on the specific features, operations, or experiences you use, your location, and applicable law.
3.1. Information You Provide to MISA
The personal data you provide to MISA includes:
  • Contact and account information. MISA collects information when you or your organization create an account, activate a subscription, and/or upload information to MISA Software. Personal data may include full name, employee ID, title, occupation, company name, education, address, phone number and email address, profile photo, payment information, purchase history, and other information to log in to your account.
  • Identification information. MISA collects your identification information, including full name, date of birth, identification number, passport number, social security number, identification characteristics, and similar information to verify your identity and help you use some specific features on MISA Software (e.g., tax declaration).
  • Communications, feedback, and survey data. MISA may collect personal data such as full name, email address, phone number, and any other personal data you provide, share when you contact MISA for support, submit feedback, participate in surveys, attend events, participate in product research or training, or interact or communicate with MISA. This information may be in the form of audio recordings, video recordings, calls, voicemails, text exchanges, photos, and videos.
  • Marketing. Contact information you provide to MISA to receive MISA’s marketing information.
  • Social networks and communities. MISA may collect content you post on MISA’s social media pages and community pages.
  • Business and financial information. MISA may receive information about your business such as financial information, expenses, invoices, financial statements, income details, payroll details, payment transactions, tax declaration information, information about your customers, suppliers, or employees, and/or investment information.
  • Interactions with experts. MISA Software may provide features for you to connect directly with experts, such as service accountants or tax consultants. When you interact with these experts, MISA may receive information about the questions you ask, details of your account, and instructions provided to you.
  • Contact and device data. If you grant permission in your device settings, certain features may have access to your device and contacts.
3.2. Third-Party Sources
MISA Software provides features based on the data you provide, so you can input your personal data and the personal data of others to use MISA Software at your discretion. For example, a MISA customer may input personal data about you on MISA AMIS to record your attendance – the employee of the company. Or you may input other people’s personal data into MISA Software, for example: You manage the administrative account of MISA CukCuk. To manage the customer list, you can input other individuals’ information to assign access rights or input customer information for management. If you input other individuals’ information into MISA Software, you must notify them in advance and obtain the data subject’s consent to the data processing in accordance with applicable law.
MISA may also receive personal data about you from third parties if you have consented or when applicable law permits. MISA protects and processes personal data received from third parties in accordance with this Privacy Policy. MISA’s third parties may change over time and depend on how you use MISA Software. For example, MISA receives information from:
  • Linked third-party products and services. If you synchronize a non-MISA account/service with your MISA account, MISA will receive information from the third-party account/service, such as bank account information, social network information, purchase history, or sales records of your business.
  • Information and identity verification providers. MISA may connect with some third parties to verify your identity and/or supplement the personal data you have provided to ensure the accuracy of your personal data. For example, MISA uses providers to authenticate your contact information (e.g., name, mailing address, email address, phone number) or to provide additional details about your business, such as financial institutions, telecommunications service providers, or email service providers.
  • Other users. MISA may receive personal data about you from other MISA Software users, such as accountants, human resources, consultants, employers, or customers using MISA Software (e.g., you are an individual purchasing goods from a MISA business customer). MISA may also collect personal data through features such as member referral programs.
  • Risk management and cybersecurity service providers. MISA may receive personal data from third parties that help MISA assess risks related to MISA’s products and services to prevent and combat risks, cybersecurity, fraud, and illegal activities.
  • Joint offering partners. MISA may receive personal data from third parties collaborating to provide products, services, or participate in joint marketing activities with other businesses and organizations.
  • State agencies. MISA receives information from government agencies, including tax authorities, social insurance, customs, etc.
  • Public information. MISA collects demographic information of individuals and households as well as preference information from publicly available sources, such as open government databases, social media platforms, and other sources.
3.3. Automatic Data Collection
MISA, its service providers, and business partners may automatically record personal data about you, your computer or mobile device, and your internet activity, including but not limited to:
  • Device Information. MISA may collect information about your device(s), including but not limited to IP address, log information, error messages, device type, and unique device identifier. For example, MISA may collect your IP address for MISA’s automatic login and security features.
  • Usage Information. Your interactions, browser type, and details of any links or information MISA may collect information about your use of MISA Software, including but not limited to pages you have viewed, services and features you have used, or communications you have interacted with.
  • Location Information. Certain features in MISA Software may collect your location information, device movement information, or both, if you or your organization grant MISA access through your device settings.
  • Online Behavioral Data. MISA may automatically collect certain personal data about your use of and interaction with MISA’s websites, customer websites or e-commerce sites, social media sites, and marketing campaigns organized by MISA or MISA’s customers (including but not limited to IP address and device ID,…); page view information and search results, links, and if you are a customer contact, whether advertising campaigns presented or sent to you using MISA’s services have been viewed, delivered, opened, or considered spam.
4. Purposes for Which MISA Uses Personal Data
MISA may use your personal data in some of the following ways or as otherwise described at the time of personal data collection:
4.1. Providing and operating software. MISA may use your personal data to perform actions including but not limited to:
  • Creating accounts and providing you with access to MISA Software.
  • Operating and managing MISA’s business activities, including resolving payment and financial disputes.
  • Evaluating your eligibility for marketing offers, products, and services.
  • Providing features to you, such as preparing financial reports or evaluating metrics for you.
  • Providing products or services to you through MISA Software.
  • Connecting you with experts and other users.
  • Exchanging information with you, such as sending you electronic notifications.
  • Understanding your needs and preferences, and personalizing your experience with MISA’s products and services.
  • Customer care, support, and dispute resolution.
  • Authenticating your identity.
  • Managing event registrations and attendance, including sending you relevant event information.
  • Registering visitors to MISA’s offices for security reasons and managing non-disclosure agreements you may be required to sign.
4.2. Research and development. MISA may use your personal data to:
  • Improve and develop MISA’s products and services by analyzing your interactions and usage activities with MISA Software, or with some content you receive from third parties, or with content displayed through MISA Software, including analyzing data to develop insights, your needs, and preferences, so that MISA can provide more suitable predictions, recommendations, and products for its customers.
  • Analyze information about your interactions with MISA to generate statistics for use in research and for marketing, promoting, improving, and developing MISA Software.
4.3. Marketing and advertising. MISA and its advertising service providers may collect and use your personal data for marketing and advertising purposes to:
  • Market services, products, and experiences, including sending gifts and promotional materials, product introductions, and other non-transactional communications via email, mail, phone, and messages consistent with your marketing preferences.
  • Personalize your experience and tailor recommendations, advertisements, and offers for you, including through the development of insights about you and your needs based on your interactions with MISA Software’s products, services, and offers.
4.4. Complaint handling
When you notify MISA of any suspicion of non-compliance with MISA’s policies, illegal conduct, or other complaints, the personal data you provide will be processed as part of the investigation of the complaints and will be retained in accordance with MISA’s internal policies until the investigation is concluded. Although MISA makes every effort to maintain confidentiality, disclosure of your identity to other parties may be necessary depending on the nature of the investigation.
4.5. Compliance and protection. MISA may use your personal data to:
  • Ensure compliance with MISA’s software supply contracts, including content related to MISA’s software usage agreements sent to you or displayed through MISA Software.
  • Comply with legal and regulatory requirements.
  • Protect the rights, property, safety, or security of MISA Software, MISA’s customers, employees, or others, and prevent fraudulent or illegal activities.
  • Exercise MISA’s rights in litigation; administrative, civil, criminal procedures; or judgment enforcement.
4.6. With your consent. In some cases, MISA may request your additional consent to use your personal data, including but not limited to when you use additional MISA products or services or when required by law. MISA may process your personal data for other purposes compatible with the above purposes if permitted by applicable law.
4.7. Automated processing
To provide you with suggestions, recommendations, and personalize your experience, MISA may process your personal data using automated and manual (human) methods. MISA’s automated methods include artificial intelligence (AI) and a range of technologies that help MISA’s services learn and infer to improve personalization and enhance your experience in MISA Software.
4.8. Inference MISA may make inferences about you based on the personal data that MISA has collected or received about you.
MISA may make inferences about you based on the personal data that MISA has collected or received about you.
5. How MISA Shares Your Personal Data
5.1. When you use and interact with MISA Software
MISA may share your personal data in the following cases:
  • When you connect with MISA’s partners. You may be offered promotions, products, and services from providers integrated with MISA Software (“Service Partners”). If you interact with, subscribe to a Service Partner’s service or offer; or link, synchronize your account with a Service Partner’s product or service, then you agree to allow MISA to share your personal data with the Service Partner, for example: when you connect with a bank to use financial services, you allow MISA to send your personal data to the bank to open an account or register to use the bank’s credit service; when MISA directly sends your registration information to the Service Partner; or when MISA redirects you to the Service Partner’s website or application for you to directly provide information.
In some cases, if you choose to access a Service Partner’s website, you will automatically send some of your personal data to that Service Partner. Please note that any information you provide to a Service Partner will be subject to the Service Partner’s privacy terms and conditions, whether that information is sent through MISA or directly by you.
  • When you connect with your social media accounts. Some MISA features allow you to connect with social media accounts or share information on social media platforms, such as Zalo and Facebook. Any information you choose to share on social media is potentially visible according to the social media provider’s privacy policy (not MISA’s Privacy Policy). You should only share information on social media that you deem appropriate.
5.2. For legal reasons. MISA may share your personal data with third parties for legal reasons without your consent and as permitted by law, including:
  • When MISA believes that disclosure is necessary to comply with a court order or other legal regulation or process.
  • To protect the rights, property, or safety of MISA, MISA’s customers, or others.
  • To enforce, remedy, or apply MISA’s Terms of Service or other agreements.
  • To prevent fraud, cybersecurity attacks, or illegal activities.
  • To help detect and prevent fraud, or protect customers, users, or MISA Software.
  • As required by competent State agencies (e.g., tax authorities or investigative agencies).
5.3. Other Purposes
MISA also shares your personal data with third parties in the following cases.
  • Research. With appropriate controls, MISA may share information with third parties, including but not limited to research organizations, governments, and non-profit organizations, for research purposes or publishing research materials. The information MISA shares only includes non-identifiable information (not specifically identifying any individual).
  • With financial service providers. For some specific MISA Software, MISA may transmit your personal data to banks, credit institutions, financial organizations, card organizations, or organizations providing identification or credit scoring services with your consent.
  • With MISA’s service providers or agents. MISA shares personal data with service providers or agents who perform tasks and services for MISA. Service providers or agents include but are not limited to advertising, marketing, and sales companies; technology solution providers (such as hosting and security service providers) that help MISA operate its business. Service providers or agents are required by MISA to implement reasonable controls and protection of information received from MISA.
  • For mergers and acquisitions. If MISA is involved in a merger, asset sale, capital contribution, liquidation, bankruptcy, or acquisition of all or part of MISA’s business by another company, MISA may share your personal data with that company and its advisors before and after the transaction date.
  • With MISA’s subsidiaries, branches, and representative offices. MISA may share your personal data with its branches and subsidiaries for daily business activities according to the purposes specified in this Privacy Policy, including marketing purposes, to improve and develop MISA’s services, and to personalize your experience on MISA Software.
  • For advertising and analytics. MISA may display advertisements on MISA Software or manage MISA’s advertisements on other websites.
6. Your Personal Data Rights and Choices
6.1. MISA provides all customers with options or settings in their MISA Software accounts to manage their privacy.
  • Access to personal data. You have the right to access, view, and self-edit your personal data at any time by directly or indirectly adjusting or changing that information.
  • Deletion of personal data. You have the right to delete your personal data in certain circumstances. MISA may not delete your personal data even if you request it if the deletion is not permitted by law or for other reasonable technical or business reasons.
  • Restriction of data processing. You may request MISA to restrict the use of your information in certain circumstances, such as when you realize that your personal data is inaccurate, you may request MISA to restrict the processing of that personal data for a certain period to allow you to verify the information. MISA will make its best efforts to resolve your request.
  • Right to object to data processing. You may object to the processing of your personal data to prevent or restrict its use for advertising and marketing purposes by using the options in your account settings or opting out at the bottom of marketing emails. MISA is committed to making its best efforts to address your requests.
  • Withdrawal of consent. You may withdraw your consent at any time. Your withdrawal of consent will not affect the lawfulness of any processing MISA has conducted prior to your withdrawal. To withdraw part or all of your consent, you can directly delete personal data on MISA Software.
  • Request to provide information to third parties. You have the right to transfer or request MISA to transmit your personal data to a third party. If you make such a request, MISA shall only be understood as an authorized party to transmit and shall not be responsible for the scope you request to perform. MISA will require your confirmed consent before transmitting to a third party.
  • Right to complain. If MISA does not meet your expectations in processing personal data or you wish to complain about MISA’s data protection measures, please notify MISA immediately to promptly resolve the issue. To assist MISA in resolving the issue, please provide full details and valid evidence. MISA will endeavor to review and respond to all complaints as soon as possible.
6.2. If your personal data is entrusted by a data controller to MISA for processing through a contract or agreement, please contact the data controller to request the exercise of your individual rights, and MISA will ensure the exercise of your rights at the request of the data controller.
7. Data Processing Period
7.1. From the time you interact with MISA Software or MISA’s website, application, media page, or contact channel, MISA proceeds to process your personal data in accordance with the provisions of this Privacy Policy.
7.2. Your personal information will be retained for at least the entire period that MISA provides products and services or when you are still in contact with MISA. Thereafter, your personal data may continue to be retained by MISA for a reasonable period if MISA deems retention necessary to:
  • Comply with legal obligations (e.g., retaining records to fulfill MISA’s tax obligations; retaining customer data in accordance with accounting law, e-transaction law, cybersecurity law…);
  • Comply with requests from competent state agencies;
  • Resolve disputes, complaints, or legal proceedings;
  • Prevent and combat fraudulent or infringing acts;
  • Comply with safety and information security conditions and standards;
  • Protect the legitimate rights and interests of you, MISA, and MISA’s customers and partners; and
  • Other reasonable requirements.
8. Security of your personal data
MISA commits to making its best efforts within its capabilities in terms of human resources, technology, and other factors to secure your personal data in the best possible way. However, MISA cannot commit to this in the event of force majeure events including but not limited to natural disasters, epidemics, widespread power outages, hacker attacks, etc.
9. Changes to MISA’s Privacy Policy
MISA reserves the right to change or update its Privacy Policy at any time. If MISA makes important changes related to how your personal data is processed, MISA will notify you on MISA Software or in a public post; by sending you a notification via email; or by publishing on MISA’s website; or by other means consistent with applicable law. You can see when this Privacy Policy was last updated by checking the “last updated” date at the beginning of this Privacy Policy. Please review this Privacy Policy periodically to be informed about how MISA protects your privacy.
10. Children’s Data
MISA may collect and process children’s data under 16 years old in some specific software (including but not limited to MISA EMIS, MISA SISAP products,…). MISA understands that protecting children’s privacy is especially important, therefore MISA collects and processes data on the principle of protecting the rights and for the best interests of children. MISA allows the data controller (e.g., schools, parents or guardians) to input children’s personal information into MISA Software to use the software’s features. MISA relies on agreements and contracts with the data controller to collect and process children’s data without requiring additional consent from parents or guardians and children aged 07 years and older. As a parent or guardian (“Parent“), you can directly access and control your child’s personal data in the software account. To request to stop processing, delete, or cancel children’s personal data, Parents can delete information on MISA Software or delete the software account. In cases where children’s data is provided by the data controller, you should contact the data controller as a Parent to request the exercise of the above rights.
11. How to contact MISA
If you have questions or concerns about this Privacy Policy, please contact MISA using the contact information at https://www.misa.vn/ or https://www.misa.vn/lien-he/ or directly at MISA’s head office. MISA will make its best efforts to respond to you as soon as possible.