Privacy Policy
Effective date: January 1, 2026
Data Controller:
Viet Human Resources Recruitment Co., Ltd.
Address: 119 Dien Bien Phu, Tan Dinh Ward, District 1, Ho Chi Minh City, Vietnam
Phone: +84 28 7300 1519
Email: info@headhuntvietnam.com
Business hours: Monday–Friday, 08:30–17:30
We respect and are committed to protecting your privacy in accordance with Vietnamese laws, including Personal Data Protection Law No. 91/2025/QH15 and Decree 356/2025/ND-CP on personal data protection, along with other applicable regulations. This Policy explains how we collect, use, share, store, and protect personal data when you access our website or use our services.
By using the website/services, you acknowledge that you have read, understood, and agree to this Policy. If you do not agree, please stop accessing or using the services.
1. Scope
This Policy applies to:
- Candidates, job seekers, users who post profiles.
- Employers/businesses posting jobs or using candidate introduction services.
- Learners/customers of Training & Development services.
- Website visitors and users of career consulting services.
2. Personal data we collect
Depending on the service you use and your consent, we may collect:
2.1. Identification & contact information
Full name, gender, date of birth, nationality, photo, phone number, email, contact/residential address. Company information: company name, tax code, logo, industry, company size, office location (province, ward, address), website, company description.
2.2. Professional & education information
CV/profile, education and work history, certifications, skills, references/referees, job preferences, application and interaction history.
2.3. Account & transaction information
Username, login/usage logs, purchased service packages, payment information (e.g., transaction codes, payment processor details). Card/account details, if any, are processed and encrypted by payment gateways.
2.4. Technical/website usage data
IP address, browser type, device details, cookies, pixels/tags, access logs, pages viewed, feature interactions.
2.5. Sensitive data (only when necessary and with a lawful basis/explicit consent)
Processing of sensitive data is only carried out when there is explicit consent in writing or equivalent form from the data subject, except cases permitted by law under Article 15 of Personal Data Protection Law No. 91/2025/QH15.
Sensitive data includes but is not limited to:
- Health information (health status, medical history)
- Religious beliefs, political opinions
- Racial or ethnic origin
- Personal and private life information
- Criminal records (if any)
Examples of sensitive data we may collect: Customer service call recordings; health/legal information required for specific roles (if any); desired/actual income; ethnicity/belief/political affiliation (only if you voluntarily provide it for a specific job requirement).
2.6. Third-party data you provide
When you provide information about referees/colleagues, you warrant you have obtained their valid consent.
3. Purposes of processing
We process data to:
- Deliver core services: Executive Search (headhunt), candidate recommendation/nomination, job posting, job-seeker profile posting, career consulting, Training & Development, and account operation.
- Recruitment matching: Share candidate profiles/job interests with suitable employers; share employer/company needs with potential candidates.
- Company profile display: Show your company information on job postings and company pages for candidates to view.
- Recommendations & experience optimization: Analyze profiles and behavior to suggest jobs/candidates/courses/content; improve products.
- Transactions & support: Process payments; customer care; handle complaints/disputes.
- Verification & compliance: Verify authenticity (with consent), comply with legal/government requests; prevent fraud.
- Selective marketing: Send information about jobs, courses, events, newsletters, promotions… unless you opt out.
We only process beyond the above purposes with an appropriate legal basis or your additional consent.
4. Cookies & tracking technologies
We use cookies, pixels and similar technologies to:
- Remember sessions, display preferences, and items/jobs you "bookmark."
- Analyze traffic and measure content/recruitment effectiveness.
- Personalize recommendations for content/jobs/candidates.
Cookie Categories:
4.1. Essential Cookies:
Cannot be disabled as they are necessary for basic website functionality (e.g., user authentication, shopping cart, security).
4.2. Analytics Cookies:
Help us understand how you use the website to improve user experience.
4.3. Marketing Cookies:
Used to personalize advertisements and marketing content based on your preferences.
How to manage Cookies:
- Disable cookies in your browser settings
- Use the cookie management tool on our website (if available)
- Reject non-essential cookies when first visiting our website through the cookie banner
Note: Disabling some cookies may affect your browsing experience and some features may not function fully.
5. Legal bases for processing
- Your consent (e.g., allowing your CV to be discoverable by employers, receiving marketing).
- Performance of a contract/service between you and us.
- Legal obligations (e.g., invoice retention, lawful government requests).
- Legitimate interests (security, fraud prevention, service improvement) — balanced against your rights.
6. Data sharing
We do not sell personal data. We may share data in these cases:
- Employers/recruitment partners: When you apply, enable discoverability, or consent to nomination/recommendation.
- Processors acting on our behalf: Hosting, analytics, marketing, customer support, payment gateways… (access limited by purpose, bound by confidentiality).
- Government authorities: Upon lawful request.
- Corporate transactions: Mergers, acquisitions, reorganization (data remains protected at least equivalently).
- Training/event partners: When you register for our events/courses or co-hosted programs.
7. Cross-border transfers
In some cases (e.g., cloud infrastructure, analytics/ATS tools), data may be transferred to and stored outside Vietnam. Data transfers are conducted in compliance with Articles 25 and 26 of Personal Data Protection Law No. 91/2025/QH15.
Conditions for cross-border data transfer:
7.1. Data subject consent:
Data is only transferred when there is your explicit consent or when one of the conditions under applicable law is met.
7.2. Data protection level of recipient country:
The recipient country must have a level of personal data protection equivalent to or higher than Vietnam under applicable law.
7.3. Notification to data subjects:
We will notify you about the transfer of your data outside Vietnam and the protection measures applied.
7.4. Additional safeguards:
When transferring data to countries without equivalent protection levels, we will implement appropriate safeguards as required by law (e.g., signing confidentiality agreements, using standard data protection clauses).
Our Obligations
Under Articles 24 to 28 of Personal Data Protection Law No. 91/2025/QH15, as the data controller, we have the following obligations:
1. Implement measures to protect data subject rights
We are committed to respecting and protecting your legitimate rights throughout the personal data processing lifecycle.
2. Establish mechanisms to receive and process data subject requests
We have established clear procedures to receive, process, and respond to requests regarding your personal data.
3. Maintain records of personal data processing activities
We maintain complete records of personal data processing activities as required by law.
4. Conduct data protection impact assessments when necessary
Before conducting high-risk data processing activities, we perform impact assessments to identify and mitigate risks.
5. Implement controls and monitor data processing activities
We apply strict control and monitoring measures to ensure compliance with personal data protection laws.
6. Apply appropriate personal data protection measures
We implement appropriate technical and organizational measures to protect personal data (encryption, access control, monitoring, backup, periodic risk reviews...).
8. Retention
We retain personal data for as long as necessary for stated purposes or as required by law. Specific retention periods by data type:
Retention periods by data type:
8.1. Account data:
Retained throughout the active period of the account and up to 05 years from account deactivation or deletion upon request.
8.2. Application data:
Retained for up to 05 years from the end of the application process, unless otherwise required by law.
8.3. Payment data:
Retained in accordance with applicable accounting and tax regulations.
8.4. Marketing data:
Retained until you opt out of receiving marketing communications.
When the retention period expires or when there is no longer a purpose/legal basis for the data, it will be permanently deleted or anonymized according to our internal procedures.
9. Your rights
Under Article 9 of Personal Data Protection Law No. 91/2025/QH15, you have the following rights (subject to applicable conditions):
- Be informed about personal data processing activities.
- Access and obtain a copy of your personal data.
- Rectify/update/supplement inaccurate or incomplete data.
- Withdraw consent (without affecting prior lawful processing).
- Request deletion, restriction, or object to processing in certain cases under law.
- Complain or file a claim with competent authorities.
- Right to data portability: Receive your data in a structured, commonly used format.
- Right to object to personal data processing in certain circumstances.
- Right to request compensation when there is a data protection violation causing damage.
How to exercise your rights:
Contact info@headhuntvietnam.com with subject: "Personal Data Request" and proof of identity.
Response timeframes:
9.1. Data breach notification: We will notify within 72 hours of discovering the incident, in accordance with Article 23 of Personal Data Protection Law No. 91/2025/QH15.
9.2. Other data subject requests: We will respond within 72 hours from the date of receiving your valid request and complete the request within a reasonable period as required by law. Complex requests may take up to 30 days, in which case we will notify you of the extension.
Complaint Resolution Process:
If you wish to file a complaint or request regarding your personal data, please follow this process:
- Submit your complaint/request: Send an email to info@headhuntvietnam.com with subject: "Personal Data Complaint" and include:
- Your full name and contact information
- Description of your complaint or request
- Relevant supporting documents (if any)
- Copy of identity verification documents
- Initial acknowledgment: We will acknowledge receipt of your complaint within 24 hours.
- Investigation and response: Our Data Protection Officer will investigate and provide a detailed response within 72 hours.
- Resolution: If you are satisfied with our response, the complaint will be closed. If not satisfied, you may escalate to the competent authority.
Complaints to the Competent Authority:
If you are not satisfied with our response or believe your data protection rights have been violated, you have the right to complain to:
Personal Data Protection Authority
Contact point: Ministry of Science and Technology
Website: [Update with official link when available]
10. Data security
We implement appropriate technical and organizational measures (encryption, access control, monitoring, backup, periodic risk reviews…). However, no method is absolutely secure on the Internet; please:
- Keep your login credentials confidential; sign out after use; be cautious on shared/public devices.
- Notify us immediately if you suspect unauthorized account access.
Incident response: If a breach occurs, we will notify affected individuals and competent authorities as required, take remedial actions, and provide guidance to mitigate risks.
11. Children under 16
Our website/services are not directed to users under 16. If we inadvertently collect data of a user under 16 without valid parental/guardian consent, we will delete it as soon as notified.
12. Voluntary vs. mandatory data
Some fields are mandatory to deliver services (clearly indicated during registration/application/purchase). If you refuse to provide or withdraw consent for core purposes, we may be unable to continue the corresponding services.
Data Protection Impact Assessment
As required by law, we conduct Data Protection Impact Assessments (DPIA) before carrying out data processing activities that may pose high risks to the rights and legitimate interests of data subjects.
When DPIA is Required:
In accordance with Article 27 of Personal Data Protection Law No. 91/2025/QH15, DPIA are mandatory for the following processing activities:
- Systematic and comprehensive evaluation of personal aspects relating to natural persons based on automated processing, including profiling
- Large-scale processing of special categories of personal data (sensitive data) as defined in Article 15
- Large-scale processing of data related to criminal offenses and violations
- Systematic monitoring of publicly accessible areas on a large scale
- Any other processing that may result in high risk to the rights and legitimate interests of data subjects
When DPIA is Required:
In accordance with Article 27 of Personal Data Protection Law No. 91/2025/QH15, DPIAs are mandatory for the following processing activities:
- Systematic and comprehensive evaluation of personal aspects relating to natural persons based on automated processing, including profiling
- Large-scale processing of special categories of personal data (sensitive data) as defined in Article 15
- Large-scale processing of data related to criminal offenses and violations
- Systematic monitoring of publicly accessible areas on a large scale
- Any other processing that may result in high risk to the rights and legitimate interests of data subjects
Impact assessment content includes:
1. Description of planned data processing activities
Details about the types of data processed, processing purposes, processing scope, and involved parties.
2. Necessity and proportionality assessment
Analysis of whether data processing is necessary and appropriate for the stated purposes.
3. Risk assessment for data subject rights and interests
Identification of potential risks and the level of impact on data subjects' privacy.
4. Risk mitigation measures
Proposal and implementation of technical and organizational measures to mitigate identified risks.
13. Third-party links & social logins
Our site may contain links to third-party sites/services (e.g., payment tools, social networks, ATS). Their privacy policies govern the data you provide there. When using third-party login (if available), you allow us to receive information within the scope you consented to with that provider.
14. Changes to this Policy
We may update this Policy to reflect legal or operational changes. Updates will be published on the website with an effective date. Your continued use after the effective date constitutes acceptance.
15. Contact us
Viet Human Resources Recruitment Co., Ltd.
Email: info@headhuntvietnam.com
Phone: +84 28 7300 1519
Address: 119 Dien Bien Phu, Tan Dinh Ward, District 1, Ho Chi Minh City, Vietnam
Business hours: Monday–Friday, 08:30 – 17:30
Competent authority for personal data protection:
If you wish to complain about personal data protection violations, please contact:
Personal Data Protection Authority
Contact point: Ministry of Science and Technology
Website: https://most.gov.vn