(Last updated: Sep 16rd, 2022)

 

The Data Controller operates the mobicloud.mobifone.vn websites & Mobicloud mobile applications for Android and iOS.

This page is used to inform visitors regarding my policies with the collection, use, and disclosure of Personal Information if anyone decided to use my Service.

If you choose to use my Service, then you agree to the collection and use of information in relation to this policy. The Personal Information that I collect is used for providing and improving the Service. I will not use or share your information with anyone except as described in this Privacy Policy.

The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, which is accessible at Mobicloud unless otherwise defined in this Privacy Policy.

This Privacy Policy aims to acquaint you with the main moments related to the processing of your personal data. The Data Controller reserves the right to update it, and its current version will be at your disposal at any time on the Service as listed above.

I. Definitions

1. Cookies: means small pieces of data stored on the user’s device. 

2. Data Controller: means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the way any personal data are, or are to be, processed.   

3. Data Processor or Service Providers: means a natural or legal person, public authority, agency, or other body (other than an employee of the Data Controller) who processes the data on behalf of the Data Controller.  

4. Personal Data: means any information relating to an identified or identifiable natural person (the "Data Subject") via an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.  

5. Processing: means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.  

6. Recipient: means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not.  

7. Usage Data: means the data collected automatically either generated using the Service or from the Service infrastructure itself.   

8. User: means the individual visiting and using our Service. The User corresponds to the Data Subject. 

II. Principles

2.1 The main principles on which the Data Controller bases the processing of personal data are: (i) legality; (ii) good faith and transparency; (iii) minimizing data and limiting the purposes and retention period; (iv) accuracy; (v) integrity and confidentiality; (vi) accountability.

2.1.1 In order for the Processing to be lawful, the Data Controller processes your Personal Data based on legitimate grounds, when necessary, in the context of a contract or with an expressed intention to conclude such.

2.1.2 The principle of good faith and transparency requires the Data Controller to ensure that all information and communication related to the Processing of your Personal Data is easily accessible and understandable, using clear and unambiguous wording. This principle applies to the information that you as a Data Subject receive about the identity of the Data Controller and the purposes of the Processing, as well as to the additional information guaranteeing conscientious and transparent Processing.

2.1.3 Compliance with the third principle, namely to minimize data and limit the purposes and period of storage by the Data Controller, is ensured by collecting only those data that are absolutely necessary for the purposes and activities of the Data Controller and its compliance with the legal requirements, as they are processed only for specific, explicitly stated and legitimate purposes, and are not processed in a way incompatible with these purposes, and are stored for a period not longer than necessary or provided by the law.

2.1.4 The principle of accuracy requires that all Personal Data processed by the Data Controller be accurate and kept up to date, and for this purpose the Data Controller relies on you as a Data Subject, on your correctness and assistance. If it proves impossible to correct inaccurate Personal Data provided by you, the Data Controller shall delete them in a timely manner, considering the purposes for which they are processed

2.1.5 In accordance with the principle of integrity and confidentiality, the Data Controller processes your Personal Data in a way that ensures an appropriate level of security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, applying appropriate technical or organizational measures.

2.1.6 The principle of accountability comes to ensure before you that everything the Data Controller does regarding your Personal Data is subject to control and the Data Controller is responsible for it.

2.2 The Data Controller ensures that all persons involved in the Personal Data processed by it are familiar with the basic principles set out here, this Policy, as well as the applicable legal requirements regarding the protection of your Personal Data.

III. Types of Personal Data collected

3.1 While using our Service, we may ask you to provide us with certain Personal Data. The categories of Personal Data may include, but are not limited to:

• First name and surname
• Phone number
• Email address
• Habitual residence (if applicable)
• Google and/ or OneDrive credentials and profile pictures (if applicable)
• Cookies and Usage Data - device type, device ID and/ or IP address, and other information as clarified below (if applicable)
• Communications and content, including audio, video, text (typed, inked, dictated, or otherwise), in a message, email (if applicable).
• Contact list (if applicable)
• Files (if applicable)

3.2 The Data Controller receives your Personal Data in the following ways: (i) personally from you, when you visit and start using the Service; (ii) from other sources like Google, Facebook, Apple, etc. but only as supplementary information to that, already provided voluntarily by you; and (iii) through so-called Cookies and other unique identifiers.

3.3 Integration with third party services (Google, OneDrive) may require exchange of information, such as username, open ID, single-sign-on tokens, and any other data required for implementation of said integration. Integration is optional for social media, and necessary for payments. Any data received from third party service is covered by this Privacy Policy.

3.4 Where required by law, we store the data and information we collect from you when you are unauthenticated (not signed in) separately from any Account Personal Data that directly identifies you, such as your name, email address, or other. If we link other data and information relating to you with your Personal Data, we will treat that linked data as Personal Data. Please note that, if you use the unauthenticated version of our Service, you may contact us with a request concerning your rights as Data Subject, but in this case, we may not be able to identify you. If such a situation occurs, please go to your Service settings and explore your options.

3.5 In addition, some of our Service have optional features which, if used by you, require us to collect additional information to provide such features. You will be notified of such collection, as appropriate. If you choose not to provide the information needed to use a feature, you will not be able to use the respective feature. For example, you cannot open files from your device if you don't grant file access permission to the respective application. Another example is the camera access - we ask for permission to access your device’s camera. If you grant permission, you may be able to take pictures or video within the app experience. Another example: when you want to use "sync contacts" you must allow access to contacts. "upload file" function you must allow access to the file of your device. Permissions can be managed through your Account settings.

3.6. As for Contacts list access, here is the function to find friends who also use the app by accessing your contacts and searching in our system. we will find out which phone numbers are also using the CloudV app. it only works when you allow it. We promise not to use your contact information for other purposes.

3.7. For access to Files. this is the function to access the collection to select the files you want to store on our system. Of course it also only works with your permission. We promise not to use your file information for other purposes.

IV. Grounds for Processing

4.1 Once provided, your Personal Data will be processed by us (our authorized employees/ representatives/ Data Processors) on the following grounds: (i) the Processing is necessary for the performance of a contract to which you as Data Subject are party or in order to take steps at your request prior to entering into any such contract; (ii) the Processing is necessary for compliance with a legal obligation to which we as Data Controller are subject; and (iii) the Processing is necessary for the purposes of the legitimate interests pursued by us as Data Controller or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms as Data Subject which require protection of Personal Data, in particular where you are a Child.

4.2 When you have consented to your Personal Data being processed by the Data Controller for direct marketing and remarketing purposes, you have the right to object/ opt out to this at any time in one of the ways described below. Upon receipt of your objection/ opt out, we shall cease the Processing of your Data for these purposes.

V. Purposes of Processing

5.1 The Data Controller processes/ uses your Personal Data and Usage Data for the following purposes:

5.1.1 for provision and maintenance of the Service, its modifications, changes, updates, or enhancements, including but not limited to, provision of interactive features associated with the Service; for Service-related announcements; to detect, prevent and address technical and security issues; for monitoring of the Service usage; for transfer of your Personal Data to our Service Providers/ Data Processors; for measuring effectiveness and analysis; for processing of subscriptions and collection of fees; for execution of distance End-User License Agreements (whether paid or as a free trial); for returns and reimbursements; for management of your account; for measures to protect the Service against fraud, IP rights infringements, cyberattacks and other attempts to harm the rights, property, piracy or safety of the Data Controller and/ or our employees, Users, Children, or the public

5.1.2 for direct marketing and remarketing, including but not limited to, tracking preferences and interests, sending you information about our Services and/ or special offers, participation in promotions, raffles and competitions, filling in and submitting questionnaires and quizzes, conducting surveys, market research, etc.

5.1.3 for customer support, assistance, and solving problems; for investigating and responding to any comments or complaints

5.1.4 for the observance of legal obligations by the Data Controller, including arising from the applicable tax and accounting legislation

5.1.5 for the protection of the legitimate rights and interests of the Data Controller and third parties, in full balance with your interests, fundamental rights and freedoms

5.1.6 for the transfer of your Personal Data to competent authorities; for handling various other risks, as well as any other purposes compatible with the above.

5.2 The Processing of Personal Data for purposes other than those for which they were originally collected is also permitted when the Processing is compatible with the purposes for which they were originally collected. Processing for archiving purposes in the public interest, for scientific or historical research purposes, or for statistical purposes should be considered as compatible lawful processing operations.

VI. Retention period

6.1 The Data Controller will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

6.2 The Processing of your Personal Data will continue as follows: (i) in cases where you have filled in and submitted incorrect, incomplete or inaccurate data, and there is no way to be corrected or updated by the Data Controller, they will be deleted within one (1) month as of their receipt; (ii) in the case of consent given for direct marketing, until the Data Controller has received your objection/ opt-out to the processing of Personal Data for this purpose; (iii) in cases where the Processing is based on a signed contract - until the final settlement of the legal relationship between you and the Data Controller and five (5) years thereafter, except in cases of legal or enforcement proceedings, tax inspections and/ or audits, as well as when the protection of the legitimate interests of the Data Controller or third parties requires a longer period. All these terms will be valid only on condition that laws or by-laws do not provide for longer or shorter ones. Usage Data is generally retained for short periods, except when this data is used to strengthen the security or to improve the functionalities of our Service, or we are legally obligated to retain this data for longer time periods.

6.3 Please note that the data and information stored under your account in Mobicloud or in your email inbox shall not be considered as part of the Personal Data/ Information we receive and process hereunder. Therefore, there may be other reasons why these data must be deleted or will be deleted by us, for example, if you exceed limits on how much data and information you are allowed to store therein. For more information, please refer to our Terms of Use.

6.4 The Data Controller makes regular checks on the Personal Data processed and stored, and based on the rules contained herein, proceeds with their deletion, destruction, or anonymization for statistical or research purposes. Regarding Personal Data, for the storage of which special laws provide for longer periods, the Data Controller shall take technical and organizational measures for their archiving so that they are not subject to further Processing and cannot be amended.

VII. Transfer of Personal Data. Recipients

7.1 Your Personal Data may be transferred to and processed on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. Also, the privacy protections and rights of authorities to access your information may not be equivalent to those in your country. If you are located outside United States and choose to use the Service, please note that your Personal Data are received and processed in the United States. Your Personal Data are stored and kept safe in Our Cloud Platform.

7.2 We will only transfer your Personal Data when appropriate safeguards are put in place to ensure that they receive adequate protection. Depending on the case, we transfer or may give access to some of your Personal Data to the following categories of Recipients: (i) companies from the group to which the Data Controller belongs; (ii) Service Providers - partners and contractors like courier service providers, payment/ banking service providers, marketing service providers, including digital advertising agencies and market research service providers, IT and hosting service providers, fraud monitoring and prevention service providers, and other companies with which the Data Controller develops joint programs; (iii) public government bodies and organizations, where this is necessary in order to protect the legitimate interests of the Data Controller or third parties, or where it is provided for as a legal obligation.

7.3 The Data Controller may entrust the processing of your Personal Data on its behalf only to Data Processors who provide sufficient guarantees that they will apply appropriate technical and organizational measures in such a way that the Processing complies with legal requirements, this Privacy Policy, and ensures the adequate protection of your interests, fundamental rights, and freedoms. We always use HTTPS protocol while transferring your Personal and/ or Usage Data.

7.4 If the Data Controller merges with or is acquired by another company, sells a Service, or business unit, or if all or a substantial portion of our assets are acquired by another company, your Personal Data will likely be disclosed to our advisers and any prospective purchaser's advisers and will be one of the assets that is transferred to the new owner.

VIII. Disclosure for law enforcement

Under certain circumstances, we may be obliged to disclose your Personal Data by law or in response to valid requests by public authorities (e.g., a court or a government authority). Therefore, we may disclose your Personal Data in the good faith belief that such action is necessary to:

• comply with a legal obligation, a subpoena, a court or administrative order or another official act of a competent public or government authority
• protect and defend the rights or property of the Data Controller
• prevent or investigate possible wrongdoing in connection with the Service
• protect the personal safety of our employees, Users, Children, or the public
• respond to an emergency involving the danger of death or serious bodily harm
• protect ourselves against legal liability.

IX. Cookies. Usage Data. Service Providers. Others

9.1 Cookies. We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to analyze the performance of and improve our Service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service. Examples of Cookies we use:

• Necessary Cookies: we use Necessary Cookies to operate our Service. They help make the Service usable by enabling basic functions and access to secure areas. The Service cannot function properly without these cookies.
• Preference Cookies: we use Preference Cookies to remember your preferences and various settings. They enable the Service to remember information that changes the way it behaves or looks like your preferred language or the region that you are in.
• Statistic Cookies: we use Statistic Cookies to help us understand how you interact with the Service by collecting and reporting information anonymously.
• Security Cookies: we use Security Cookies for security purposes.
• Advertising Cookies: we use Advertising Cookies to serve you with advertisements that may be relevant to you and your interests.

Via our cookie banner the Data Controller collects and stores your prior, explicit, and affirmative consent before using cookies and trackers, or any other technology that stores Personal Data on your terminal equipment (hardware and software) and before allowing third-party interference into your electronic communications. You can control the use of cookies at the individual browser level. If you reject cookies, you may still use our Service, but your ability to use some of its features or areas may be limited.

9.2 Usage Data. We may also collect Usage Data that your browser sends whenever you visit our Service or when you access the Service by or through a computer or a mobile device. This Usage Data may include information such as your computer's Internet Protocol address (e.g., IP address), browser type, browser version, search terms, entered into a search engine which led you to our Service, types of apps and websites of your interest, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data. When you access the Service by or through a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, and other diagnostic data.

9.3 We may employ third party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used. These third parties have access to your Personal Data only to perform the tasks assigned on our behalf and are obligated not to disclose or use them for any other purposes whatsoever.

9.3.1 Service Providers of Analytics Data: 

a) Google Analytics and Firebase are web and application analytics services offered by Google that track and report website and applications traffic and information about your device. This information is automatically uploaded to the Google servers and used to provide better services to the Users. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy

9.5 Others:

a) Behavioral Remarketing used by us to advertise on third party websites to you after you visited our Service. We and our third-party vendors use cookies to inform, optimize and serve ads based on your past visits to our Service. You can prevent the Service Providers engaged in behavioral advertising, which collect data about your online browsing activities and use it to show you targeted ads by submitting opt-outs. Opting-out will only prevent targeted ads, so you may continue to see generic (non-targeted) ads. You may opt out to behaviorally targeted ads anytime by deleting your browser's cookies.

b) "Do Not Track" Signals. We do not support Do Not Track ("DNT"). DNT is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable it by visiting the Preferences or Settings page of your web browser.

X. Links to other websites

Our Service may contain links to other websites that are not operated by us. If you click on a third-party`s link, you will be directed to that third party's website. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party websites or services.

XI. Account

11.1 Some of our Services may require that you create an account with us ("Account"). When you create a personal Account, you will be asked to provide certain Personal Data and we will assign a unique ID number to identify your Account and the associated information. Thus, you become an Account Holder. Signing into your Account enables personalization, consistent experiences across products and devices, permits you to use cloud data storage, allows you to make payments using payment methods stored in your Account, and enables other features such as chats, file sharing and others. We may use the Personal Data provided therein for the purposes as enumerated in item 5.1 above, including but not limited to contact you via email messages regarding your Account and maintenance related issues, newsletters, as well as marketing or promotional information that may be of your interest. You may object/ opt out of receiving any or all these marketing communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us using the details provided herein.

11.2 Once created, the use of your Account is at your own risk. Please do not buy, sell, transfer, rent, and/ or lease your Account and/ or password to anyone. We will not take any responsibility for the use of your Account by others that is caused by your actions or negligent password keeping.

11.3 Please keep your Personal Data accurate and up to date. Whenever made possible, you can also update your Personal Data directly within your Account settings. If you are unable to do this by yourself, please contact us to make the necessary changes.

11.4 You can also close your Account. When you close your Account, we begin deleting certain Personal Data and Information that we no longer have a business reason to retain. However, we typically retain Personal Data related to our contracts and business transactions for five years after your last interaction with us or upon the contract expiration. Please be advised that in this case you will lose your Account`s preferences, synchronized settings on different devices and any data stored in Mobicloud and Chats. We cannot restore any of these once your Account is closed. For more information on this topic please check our Terms of Use.

XII. Security of Data

12.1 The Data Controller undertakes to apply appropriate technical and organizational measures to ensure an appropriate level of security of your Personal Data. In assessing the appropriate level of security, account shall be taken of the risks associated with the Processing, and in particular the risks of accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

12.2 With regard to automated processing, the Data Controller is applying measures aiming at:

12.2.1 control over access to equipment - to deny unauthorized persons access to the equipment used for Personal Data Processing

12.2.2 control of data carriers - to prevent reading, copying, modification or removal of data carriers by unauthorized persons

12.2.3 control over storage - to prevent the entry of Personal Data by unauthorized persons, as well as the performance of checks, modification, or deletion of stored Personal Data by unauthorized persons

12.2.4 consumer control - to prevent the use of automated processing systems by unauthorized persons through the use of data transmission equipment

12.2.5 control over access to data - to ensure that persons who are allowed to use an automated processing system have access only to the Personal Data covered by their access authorization

12.2.6 control over communication - to ensure the possibility of verification and establishment of which persons have been or may be transferred Personal Data, or which persons have access to Personal Data through data transmission equipment

12.2.7 control over data entry - to ensure the possibility for subsequent verification and establishment of what Personal Data have been entered into the automated processing systems, as well as when and by whom they were entered

12.2.8 control over the transfer - to prevent the reading, copying, modification or deletion of Personal Data by unauthorized persons during the transfer of Personal Data or during the transfer of data carriers

12.2.9 recovery - to ensure the possibility of recovery of the installed systems in case of failure of the functions of the systems

12.2.10 reliability - to ensure the implementation of the functions of the system and the reporting of defects in the functions

12.2.11 integrity - to ensure that the stored personal data is not damaged due to improper functioning of the system.

12.3 Through measures under the previous point, the Data Controller is aiming to ensure the protection of Personal Data at the design stage, considering the achievements of technical progress, implementation costs and the nature, scope, context, and objectives of Personal Data Processing, as well as risks to the rights and freedoms of individuals.

12.4 We follow generally accepted standards to protect the Personal Data submitted to us during Processing including HTTPS. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we do not guarantee the Personal Data absolute security.

XIII. Your rights as Data Subject. General Standards

The Data Controller respects your privacy no matter where your habitual residence is. We hereby provide you with the right to request access, correction, completion, update, and/ or erasure of your Personal Data. We will aim to address all you request, complaints and/ or worries within reasonable time as of their receipt by being compliant with our high standards for Personal Data protection and the applicable legislation.

15.7 Data Breach Notification under Cal. Civ. Code §§1798.29, 1798.82 and 1798.84. We will notify you in due time of any unauthorized acquisition of unencrypted computerized data that contains your Personal Information. This is in addition to any other specific notification obligations for data breaches contained in other statutes.

XVI. Amendments and supplements

We may update this Privacy Policy from time to time. The updated version of this Privacy Policy will be posted on the Service. Please review it periodically because any and all amendments and/ or supplements will become effective when posted.

Please do not hesitate to contact us at anh.dinhhoangquang@gmail.com in case you need assistance or clarification, want to exercise your legal rights, or file a complaint.