Hotline/Zalo: +84 901 311 760

Privacy Policy

Effective date: 01/01/2026

Data Controller:

Vietnam Human Resources Recruitment Co., Ltd.

Address: 119 Dien Bien Phu, Tan Dinh Ward, District 1, Ho Chi Minh City, Vietnam

Phone: +84 28 7300 1519

Email: info@headhuntvietnam.com

Business Hours: Monday – Friday, 08:30 – 17:30

We respect and are committed to protecting your privacy in accordance with Vietnamese law, including the Personal Data Protection Law No. 91/2025/QH15 and Decree No. 356/2025/ND-CP on personal data protection, as well as other related legal provisions. This policy explains how we collect, use, share, store, and protect personal data when you access our website or use our services.

By using the website/services, you confirm that you have read, understood, and agree to this Policy. If you do not agree, please cease accessing or using the services.

1. Scope of Application

The policy applies to:

  • Candidates, job seekers, and profile submitters.
  • Employers/companies posting job advertisements or using candidate referral services.
  • Trainees/customers using Training & Development services.
  • Website visitors and recipients of career counseling.

2. Personal Data We Collect

Depending on the service you use and your consent, we may collect:

2.1. Identification & Contact Information

Full name, gender, date of birth, nationality, photo, phone number, email, contact/residential address. Company information: company name, tax identification number, logo, industry, company size, office location (province/city, district, address), website, company description.

2.2. Employment & Education Information

Resume/CV, education and work history, certificates, skills, recommendation letters, references, job preferences, application/interview history.

2.3. Account & Transaction Information

Username, login/usage history, purchased service packages, payment information (e.g., transaction ID, payment processor). Payment cards/accounts, if any, are processed and encrypted by the partner payment gateway.

2.4. Technical Data When Accessing the Website

IP address, browser type, device, cookies, tracking pixels/codes, access logs, visited pages, feature interactions.

2.5. Sensitive Data (Only When Necessary and With Legal Basis/Explicit Consent)

Processing of sensitive data is carried out only when there is explicit written consent or an equivalent form from the data subject, except in cases permitted by law pursuant to Article 15 of the Personal Data Protection Law No. 91/2025/QH15.

Sensitive data includes but is not limited to:

  • Health information (health status, medical history)
  • Religious beliefs, political opinions
  • Ethnic or racial origin
  • Personal and private life information
  • Criminal records (if any)

Examples of sensitive data we may collect: recordings of customer service calls; health/legal information used for screening specific positions (if applicable); desired/actual salary levels; ethnic, religious or political information (only when you voluntarily provide it to meet a specific job requirement).

2.6. Third‑Party Data You Provide

When you provide information about references/colleagues, you warrant that you have obtained their valid consent.

3. Purpose of Data Processing

We process data to:

  • Core service provision: Executive Search (headhunt), candidate introduction/nomination, posting job ads, posting job seeker profiles, career counseling, Training & Development, account operation.
  • Recruitment connection: Share candidate profiles/job requirements with suitable employers; share company information/recruitment needs with potential candidates.
  • Company information display: Display your company information on job postings and the company page for candidates to view.
  • Suggestion – experience optimization: Analyze profiles and behavior to recommend suitable jobs/candidates/courses/content; improve the product.
  • Transaction & support: Process payments; customer service; respond to complaints/disputes.
  • Verification & compliance: Verify the authenticity of profiles (with consent), meet legal/government requirements; fraud prevention.
  • Selective marketing: Send information about jobs, courses, events, newsletters, offers… when you have not opted out.

We only process beyond the above purposes when there is an appropriate legal basis or your additional consent.

4. Cookies and Tracking Technologies

We use cookies, pixel tags, and similar technologies to:

  • Remember login sessions, display preferences, and "bookmark" news/items of interest.
  • Analyze traffic and measure the effectiveness of content/recruitment.
  • Personalize content, job, and candidate suggestions.

Cookie Classification:

4.1. Essential Cookies:

Cannot be disabled because they are required for the basic operation of the website (e.g., user authentication, shopping cart, security).

4.2. Analytical Cookies:

Help us understand how you use the website to improve the user experience.

4.3. Marketing Cookies:

Used to personalize advertising and marketing content in line with your preferences.

Managing Cookies:

  • Disable cookies in your browser settings
  • Use the cookie management tool on our website (if available)
  • Decline non‑essential cookies when you first visit the website via the cookie banner

Note: Disabling certain cookies may affect your experience and some features may not function fully.

5. Legal Basis for Data Processing

  • Your consent (e.g., sharing your profile with recruiters, receiving marketing information).
  • Performance of a contract/service between you and us.
  • Legal obligations (e.g., storing invoices, providing information upon lawful request).
  • Legitimate interests (e.g., system security, fraud prevention, service improvement) — always balanced with your rights.

6. Sharing data with whom

We do not sell personal data. Data may be shared in the following cases:

  • Recruiters/recruiting partners: When you apply, enable the searchable status, or agree to be nominated/referred.
  • Processing entities acting on our behalf: Infrastructure storage, data analysis, marketing, customer support, payment gateway… (access only as needed, security constraints).
  • Government agencies/competent authorities: When there is a lawful request.
  • Corporate transactions: Mergers/acquisitions/restructuring (data continues to be protected at least equivalently).
  • Training/event partners: When you register for a course/event organized or co‑organized by us.

7. Data Transfer Abroad

In some cases (e.g., using cloud infrastructure, partner's analytics/ATS tools), data may be transferred and stored outside Vietnam. The transfer of personal data abroad is carried out in compliance with Articles 25 and 26 of the Personal Data Protection Law No. 91/2025/QH15.

Conditions for transferring data abroad:

7.1. Consent of the data subject:

Data will be transferred only when you have given clear consent or when one of the legal conditions is met.

7.2. Level of data protection in the receiving country:

The receiving country must provide a level of personal data protection that is equivalent to or higher than Vietnam's, as required by law.

7.3. Notification to the data subject:

We will inform you that your data is being transferred abroad and the protective measures applied.

7.4. Additional protective measures:

If data is transferred to a country that does not have an equivalent level of protection, we will implement appropriate safeguards in accordance with the law (e.g., entering into a confidentiality agreement, using standard data protection clauses).

Our obligations

Pursuant to Articles 24 to 28 of the Personal Data Protection Law No. 91/2025/QH15, as the data controller, we have the following obligations:

1. Implement measures to protect the rights of data subjects

We commit to respecting and safeguarding your lawful rights throughout the processing of personal data.

2. Establish a mechanism for receiving and handling data subject requests

We have established clear procedures to receive, process, and respond to requests concerning your personal data.

3. Maintain records of personal data processing activities

We keep comprehensive records of personal data processing activities as required by law.

4. Conduct data protection impact assessments when necessary

Before undertaking high‑risk data processing activities, we conduct impact assessments to identify and mitigate risks.

5. Implement controls and monitoring of data processing activities

We apply strict control and monitoring measures to ensure compliance with personal data protection regulations.

6. Apply appropriate personal data protection measures

We employ suitable technical and organizational measures to protect personal data (encryption, access controls, monitoring, backup, periodic risk assessments, etc.).

Our Obligations

According to Articles 24 to 28 of the Personal Data Protection Law 91/2025/QH15, as the data controller, we have the following obligations:1. Implement measures to protect data subjects' rightsWe commit to respecting and protecting your lawful rights throughout the personal data processing.2. Establish a mechanism to receive and process data subject requestsWe have set up a clear procedure to receive, handle, and respond to requests concerning your personal data.3. Maintain a record of personal data processing activitiesWe keep a complete record of personal data processing activities as required by law.4. Conduct data protection impact assessments when necessaryBefore carrying out high‑risk data processing activities, we conduct impact assessments to identify and mitigate risks.5. Implement control and monitoring of data processing activitiesWe apply strict control and monitoring measures to ensure compliance with personal data protection legislation.6. Apply appropriate personal data protection measuresWe employ suitable technical and organizational measures to protect personal data (encryption, access controls, monitoring, backup, periodic risk assessments, etc.).

8. Retention Period

We retain personal data for as long as necessary to fulfil the purposes described or as required by law. The retention periods for each data type are as follows:

Retention periods by data type:

8.1. Account data:

Retained for the entire duration the account is active and up to a maximum of 5 years after the account is locked or deleted upon request.

8.2. Application data:

Retained for up to 5 years after the conclusion of the recruitment process, unless a different period is mandated by law.

8.3. Payment data:

Retained in accordance with applicable accounting and tax regulations.

8.4. Marketing data:

Retained until you opt out of receiving marketing communications.

When the retention period expires or the purpose/legal basis no longer exists, the data will be permanently deleted or anonymised in accordance with our internal procedures.

9. Your Rights

According to Article 9 of the Personal Data Protection Law No. 91/2025/QH15, you have the following rights (subject to applicable conditions):

  • Right to be informed about personal data processing activities.
  • Right of access, to receive a copy of your personal data.
  • Right to rectification, to update or supplement inaccurate/incomplete data.
  • Right to withdraw consent (without affecting the lawfulness of processing prior to withdrawal).
  • Right to erasure, restriction of processing, and objection in certain cases as provided by law.
  • Right to lodge complaints or report to the competent authority.
  • Right to data portability: receive data in a commonly used, structured format.
  • Right to object to personal data processing in specific circumstances.
  • Right to claim compensation for damages resulting from a breach of personal data protection.

How to exercise your rights:

Contact info@headhuntvietnam.com with the subject line: "Personal Data Request" and include identity verification information.

Response timeframes:

9.1. Data breach notification:

We will notify you within 72 hours of discovering an incident, in accordance with Article 23 of the Personal Data Protection Law No. 91/2025/QH15.

9.2. Other data subject requests:

We will respond within 72 hours of receiving a valid request and will complete the request within a reasonable period as required by law. For complex requests, processing may take up to 30 days; in such cases we will inform you of any extension.

Complaint handling procedure:

If you wish to lodge a complaint or make a request concerning your personal data, please follow the steps below:

  1. Submit complaint/request: Email info@headhuntvietnam.com with the subject line: "Personal Data Complaint" and include:

    • Your full name and contact information
    • A description of your complaint or request
    • Any supporting documents (if applicable)
    • A copy of an identity verification document

  2. Initial acknowledgment: We will acknowledge receipt of the complaint within 24 hours.

  3. Investigation and response: Our Data Protection Officer will investigate and provide a detailed response within 72 hours.

  4. Resolution: If you are satisfied with our response, the complaint will be closed. If not, you may escalate the complaint to the competent authority.

Escalating to the competent authority:

If you are not satisfied with our response or believe your personal data protection rights have been infringed, you have the right to lodge a complaint with:

The competent authority for personal data protection

Contact point: Ministry of Science and Technology

Website: [Update official link when announced]

10. Data Security

We implement appropriate technical and organizational measures (encryption, access controls, monitoring, backups, periodic risk assessments, etc.). However, no method is absolutely secure on the Internet; please:

  • Keep your login credentials confidential; log out after use; exercise caution when accessing from public devices.
  • Notify us immediately if you suspect unauthorized access to your account.

Data breach incident handling (if it occurs):

We will notify affected individuals and the competent authorities as required; we will also implement remedial measures and provide guidance to mitigate risk.

11. Individuals Under 16 Years Old

The website/service is not directed at users under 16 years of age. If we inadvertently collect data from individuals under 16 without valid consent from a parent/guardian, we will delete it as soon as we are notified.

12. Voluntary/mandatory nature

Some data fields are mandatory for the provision of services (marked when you register/apply/purchase a service). If you refuse to provide them or withdraw consent for core purposes, we may be unable to continue providing the corresponding service.

Data Protection Impact Assessment

In accordance with legal regulations, we conduct a Data Protection Impact Assessment (DPIA) prior to undertaking any data processing activities that may pose a high risk to the rights and legitimate interests of data subjects.

When a DPIA is mandatory:

Pursuant to Article 27 of the Personal Data Protection Law No. 91/2025/QH15, a DPIA is required for the following processing activities:

  • Systematic and comprehensive assessment of personal aspects concerning individuals based on automated processing, including profiling
  • Large‑scale processing of special categories of personal data (sensitive data) as defined in Article 15
  • Large‑scale processing of data relating to criminal offenses and violations of law
  • Systematic monitoring of publicly accessible areas on a large scale
  • Any other processing activity that could result in a high risk to the rights and legitimate interests of data subjects

The DPIA must cover:

1. Description of the intended data processing activity

Details of the types of data to be processed, the purpose of processing, the scope of processing, and the parties involved.

2. Assessment of necessity and proportionality of the processing

Analysis of whether the data processing is necessary and proportionate to the stated purpose.

3. Risk assessment for the rights and interests of data subjects

Identification of potential risks and the level of impact on the privacy of data subjects.

4. Risk mitigation measures

Proposed and implemented technical and organisational measures to mitigate the identified risks.

13. Third‑Party Links & Social Login

The website may contain links to third‑party websites/services (e.g., payment tools, social networks, ATS). Their privacy policies will govern the data you provide on those platforms. When you use login via a third‑party account (if available), you permit us to receive information within the scope you have agreed to with that provider.

14. Policy Changes

We may update the Policy to reflect changes in the law or operational procedures. The updated version will be posted on the website together with the effective date. Your continued use of the service after the effective date constitutes your acceptance of the changes.

15. Contact Information

Vietnam Human Resources Recruitment Co., Ltd.

Email: info@headhuntvietnam.com

Phone: +84 28 7300 1519

Address: 119 Dien Bien Phu, Tan Dinh Ward, District 1, Ho Chi Minh City, Vietnam

Working hours: Monday – Friday, 08:30 – 17:30

Authority responsible for personal data protection:

If you wish to lodge a complaint regarding personal data protection violations, please contact:

Personal Data Protection Authority

Contact point: Ministry of Science and Technology

Website: https://most.gov.vn