Introduction
The Email system is deployed for enterprises to manage employee records, employment contracts, attendance, payroll, and related HR processes. This privacy policy describes how we collect, use, store, and protect employees' personal information when using the Email application.
Enterprises using Email must strictly comply with data privacy regulations under Vietnamese law, including Decree 13/2023/ND-CP on personal data protection. By using the system, employees and administrators confirm they have read and understood this policy.
01
Information we collect
Identity information:
Full name, date of birth, gender, national ID/passport, portrait photo, contact address.
Employment records:
Labor contracts, appointment decisions, work history, department, position, dependents.
Financial information:
Bank account numbers, tax ID, social/health insurance data for payroll and benefits.
Biometric data:
Fingerprint, facial recognition, or other identifiers (if the enterprise enables biometric attendance).
Attendance & performance:
Clock-in/out, shifts, leave, overtime, competency evaluations and KPIs.
Technical data:
Login logs, IP address, device, browser, and system access timestamps.
Note: We do not use employee data for advertising. Sensitive data (e.g. health information) is collected only when required by law or internal policy with a lawful basis.
02
Purpose of data use
- Performing employment contracts and related labor obligations.
- Payroll, bonuses, benefits, tax withholding, and social insurance contributions.
- Managing attendance, shifts, leave, and HR reporting.
- Competency assessment, promotion, and training planning.
- Legal compliance with authorities (tax, labor, insurance).
- System security, fraud prevention, and technical support upon request.
We do not use employee data for advertising or sell/rent data to third parties.
03
Storage & data security
Email data is stored on infrastructure in Vietnam or as agreed with the enterprise, in compliance with domestic personal data regulations.
TLS 1.2 / 1.3
HTTPS encryption
Bcrypt Hash
Secure password hashing
RBAC
Strict role-based access
Regular backups
Disaster recovery
Data for active employees is retained for the duration of employment. After resignation, data is typically deleted or securely locked within the period defined by the enterprise (often 3–5 years), unless longer retention is required by law (labor records, tax, insurance).
04
Sharing with third parties
We do not sell employees' personal information. Data is shared only in the following cases:
- Lawful requests from competent state authorities.
- Infrastructure providers (servers, backup) under data processing agreements.
- Integration partners (attendance, payroll) when the enterprise connects them with security agreements.
- With explicit consent from the employee or legal representative.
05
Employee rights
Employees have the following rights regarding their personal data under applicable law:
Right of access
Request to view and receive a copy of stored personal data.
Right to rectification
Update inaccurate information via HR or self-service portal.
Right to erasure
Request deletion or restriction when purpose ends or consent is withdrawn.
Right to portability
Export data in a structured format where technically feasible.
Right to object
Object to certain processing not required by law.
06
Data on the Email system
- Data is owned and controlled by the enterprise — employees have rights under internal policy.
- Access is role-based; each role sees only data within job scope.
- Reports can be exported; correction requests go through HR.
- No automated scanning of sensitive content beyond stated HR management purposes.
Third-party integrations (time clocks, CCTV, occupational health software, etc.) may have separate policies. The enterprise must assess and notify employees before deployment.
07
Cookies & tracking
The system uses session cookies to maintain login and functional cookies for UI preferences. We do not use advertising or behavioral tracking cookies for marketing.
08
Contact & complaints
If you have questions about this policy or wish to exercise your data rights, please contact:
Email Support
Response within 7 business days
Processing time
Within 7 business days
We may update this policy over time. Material changes will be notified by email or in-system notice.