USER PRIVACY POLICY

1. General Terms

PayME Technology Joint Stock Company (hereinafter referred to as "PayME") has established and published this Privacy & Data Protection Policy (hereinafter referred to as "Policy") to uphold its commitments and responsibilities in protecting Users' personal information. This Policy ensures compliance with Decree 13/2023/NĐ-CP and other relevant legal regulations regarding data security and privacy protection when Users access and use PayME’s services.

This Policy informs Users about:

• How PayME collects, processes, uses, stores, and protects their data.
• Users' rights and obligations regarding their personal data when registering, using, or terminating PayME services.
• PayME’s rights and obligations in handling Users' personal information.

By directly or indirectly providing personal information to PayME, the User acknowledges and agrees that their data will be collected, processed, used, stored, and secured in accordance with this Privacy Policy.

If the User does not agree with this Policy, they should:

• Refrain from providing any personal information to PayME.
• Discontinue using PayME services that require personal information submission.

The terms used in this Policy are referenced from the User Agreement (PayME Terms and Conditions).

 

2. Definitions

In this Privacy Policy, unless otherwise required by the context, the following terms are defined as follows:

2.1. PayME

PayME Technology Joint Stock Company (PayME) is a legally established and operating enterprise in Vietnam, registered under Business Registration Certificate No. 0310476487, first issued on November 25, 2010.

2.2. PayME Services

PayME Services refer to products and services developed or co-developed by PayME for Users, including but not limited to:

• Electronic Payment Gateway
• Collection and Disbursement Support
• E-Wallet Services
• Direct Foreign Currency Receipt and Payment Services

2.3. PayME Account

A PayME Account is an electronic account built on PayME’s technology platform, designed to meet technical requirements and regulations for payment intermediary services.

• A PayME Account is created and managed by the User through multiple platforms, including but not limited to mobile applications, websites, and other digital platforms.
• It allows Users to access and use PayME Services in compliance with PayME’s policies and applicable laws.

2.4. User

A User refers to an individual or organization that:

• Registers a PayME Account
• Meets PayME’s identity verification requirements
• Links a bank account/card as required by law and PayME policies

2.5. Personal Data

Personal Data refers to information in the form of symbols, text, numbers, images, audio, or other electronic formats that is linked to a specific individual or helps identify a specific individual. Personal Data includes Basic Personal Data and Sensitive Personal Data.

2.6. Data Subject

A Data Subject is the individual whose Personal Data is being collected and processed.

2.7. Basic Personal Data includes:

a. Full name, middle name, birth name, and any other aliases (if applicable).
b. Date of birth, date of death, or date of disappearance.
c. Gender.
d. Place of birth, registered birthplace, permanent residence, temporary residence, current address, hometown, and contact address.
e. Nationality.
f. Personal photographs.
g. Phone number, National ID number, personal identification number, passport number, driver’s license number, vehicle registration number, tax identification number, social security number, and health insurance card number.
h. Marital status.
i. Family relationships (parents, children, etc.).
j. Bank account information, online activity records, and digital footprint data.
k. Any other information associated with a specific individual that does not fall under the category of Sensitive Personal Data.

2.8. Sensitive Personal Data

Sensitive Personal Data refers to personal information linked to an individual’s privacy, where unauthorized access or misuse could directly affect their legal rights and interests. This includes:

a. Political opinions and religious beliefs.
b. Health status and private medical records (excluding blood type information).
c. Information related to racial or ethnic origin.
d. Inherited or acquired genetic traits.
e. Physical attributes and unique biological characteristics.
f. Sexual life and sexual orientation.
g. Criminal records and law enforcement-collected crime data.
h. Financial data related to banking and payment services, including:

• User identification details as required by law.
• Bank account details, deposits, financial assets, and transactions.
• Information on individuals or organizations providing guarantees in financial institutions.

i. Location data obtained via geolocation services.
j. Other personal data classified as sensitive under applicable laws, requiring special security measures.

2.9. Processing of Personal Data

Processing Personal Data refers to any operation performed on personal data, including but not limited to:

• Collection, recording, analysis, verification, storage, modification, publication, combination, access, retrieval, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, or destruction of personal data.

2.10. Personal Data Controller

A Personal Data Controller is an organization or individual that determines the purpose and means of processing personal data.

• In this case, PayME is the Personal Data Controller.

2.11. Personal Data Processor

A Personal Data Processor refers to an organization or individual that processes personal data on behalf of the Personal Data Controller, based on a contract or agreement.

• In this case, a Personal Data Processor may refer to:
  • PayME itself
  • A licensed third-party service provider authorized by PayME to process data

2.12. API (Application Programming Interface)

API, short for Application Programming Interface, is a set of methods and protocols that enable software applications, libraries, and systems to communicate and exchange data with one another. This is done through request-response interactions.

2.13. QR Code (Quick Response Code)

QR Code, short for Quick Response Code, is a type of machine-readable barcode that encodes information into an image format. It allows scanning devices (such as smartphones or dedicated QR scanners) to retrieve, access, connect, or execute commands quickly.

2.14. KYC/eKYC (Know Your Customer / Electronic Know Your Customer)

KYC (Know Your Customer) and eKYC (electronic Know Your Customer) refer to the customer identification, verification, and authentication process.

• This can be done through traditional methods (e.g., physical document submission and in-person verification).
• Or electronically, using AI, biometrics, and automated verification systems.

2.15. OTP (One-Time Password)

OTP, short for One-Time Password, is a randomly generated sequence of characters or numbers that is unique and non-repeatable.

• OTPs are used for authentication and verification purposes.
• They serve as an extra layer of security for online banking, email, social media, and digital applications.

 

3. Scope of Data Collection and Applicability

3.1. Applicability

This Privacy Policy applies to all Users, including:

• Individuals
• Organizations
• Businesses

3.2. Scope of Data Collection

PayME collects, processes, uses, stores, and protects User information provided through the following means:

a. Direct data collection from Users

• When registering, opening, or using PayME Services through the PayME App.
• When interacting with third-party services that use PayME’s API.
• When accessing PayME services via cookies or other legally authorized tracking technologies.

b. Indirect data collection from legal sources

• PayME may also collect information from other lawful sources, as permitted under applicable laws and regulations.

 

4. Purpose of Information Collection and Scope of Use

4.1. Providing Services and Features

PayME uses the collected information to deliver, personalize, maintain, and enhance its services. This includes:

a. Providing services such as:

• Mobile top-ups, bill payments, shopping, collection and disbursement support, in-store payments, QR code payments, money transfers, and other legally provided services for Users.

b. Storing User information to prevent repeated manual data entry during current and future visits.

c. Automatically updating the PayME App, fixing software bugs, resolving operational issues, analyzing data, conducting tests, and performing research.

4.2. Security and Safety

PayME uses User data to ensure security, safety, and integrity across its services. This includes:

• Monitoring and controlling transactions performed from User devices and accounts to identify suspicious activities.
• Verifying identity by matching Users' full name, phone number, National ID (CMND/CCCD), or passport with the bank account information they wish to link.
• This verification process ensures that the linked bank account matches the registered PayME account, helping prevent fraud, scams, and other illegal activities, while enhancing User security.

4.3. Customer Support

If a User contacts PayME’s customer support, PayME may collect and use information, including call recordings, after obtaining User consent. The collected information helps:

a. Direct User inquiries to the appropriate support personnel.
b. Investigate and resolve User concerns or complaints.
c. Monitor and enhance the quality of customer support services.

4.4. Research and Development

PayME may use collected data for research, analysis, and product development purposes, such as:

• Improving security and safety of PayME services.
• Developing new features and services.
• Enhancing payment and financial solutions related to PayME’s services.

4.5. Communications from PayME

PayME may use collected information to communicate with Users about:

• Services, promotions, research, surveys, news, updates, events, contests, rewards, advertisements, and relevant content related to PayME and its partners.

PayME will use the following communication channels:

a. Push notifications through the PayME App.
b. SMS messages or phone calls to the User’s registered phone number.
c. Emails to the User’s registered email address.
d. Announcements and communications posted on:

• PayME’s website: www.payme.vn
• PayME’s official Facebook page: www.facebook.com/paymecorp

4.6. Legal Compliance and Regulatory Requirements

PayME may use collected information to:

a. Investigate or resolve complaints and disputes related to the use of PayME Services by Users.
b. Carry out other legal activities permitted under applicable laws.
c. Provide information to competent state authorities or comply with legal requirements.

 

5. Information Collected

5.1. Information Collected When Users Register for a PayME Account

a. For Individual Users (Vietnamese Citizens):

• Full name
• Date of birth
• Nationality
• Phone number
• National ID (CMND/CCCD) or Passport (valid, including issue date and issuing authority)

b. For Individual Users (Foreign Nationals):

• Full name
• Date of birth
• Nationality
• Phone number
• Valid Passport (including issue date, issuing authority, and visa details, if applicable)

c. For Organizations:

• Full legal name and abbreviation
• Business registration number and tax identification number (if different)
• Registered headquarters address and business transaction address
• Phone number
• Details of the legal representative who registers the PayME Account

5.2. Additional Personal Information Collected by PayME

PayME may collect information when Users:

a. Interact with PayME via the hotline, app, website, or official social media accounts.
b. Communicate with other Users via PayME’s services, such as "Money Transfer", "Send Gift Money", or similar services.
c. Participate in surveys through the PayME App.
d. Enable device access permissions, allowing PayME to access contacts, photos, or location.

5.3. Information Generated During PayME Service Usage

a. Account Information Updates

• Based on applicable laws and User preferences, PayME may collect:
  • Full name
  • Email address
  • Phone number
  • Username
  • Profile photo
  • National ID (CMND/CCCD) or Passport details
  • Date of birth, gender, and address
• This information is provided directly or indirectly by the User.

b. Location Data

• If permitted by the User, PayME may collect:
  • Precise or approximate location via GPS, IP address, and Wi-Fi.
  • User location history when using location-based features (e.g., finding nearby payment points).
• PayME may collect location data while the PayME app is:
  • Open and visible on the screen (foreground mode).
  • Running in the background but not actively displayed (background mode).

c. Transaction Information

• PayME collects transaction details when Users use PayME services, including:
  • Service type, transaction date and time, amount, and transaction-related details.
  • Information about merchants or service providers.
  • Transaction descriptions (goods, services, location, time of purchase).
  • Payment method (PayME does not store sensitive card details such as card number, CVV).

d. Usage and Preferences

• PayME collects data on:
  • How Users interact with PayME services.
  • User preferences and selected settings.
• Some data is collected via:
  • Cookies
  • Tracking pixels
  • Other technologies that generate and maintain unique User identifiers.

e. Device Information

• PayME may collect details about the User’s device, including:
  • Hardware model
  • Operating system and version
  • Installed software and version
  • Preferred language settings
  • Unique device identifiers (IMEI, MAC address, device advertising ID)
  • Serial number
  • Mobile network details

f. Log Data

• When Users interact with PayME services, PayME collects server logs, which may include:
  • Device IP address
  • Access date and time
  • Features or pages viewed in the PayME App
  • App errors and system events
  • Browser type and previously visited third-party websites or services

g. Messaging Data

• PayME allows Users to send messages to contacts within the PayME App when using features like:
  • "Money Transfer",
  • "Payment Requests",
  • "PayME Link".
• PayME collects metadata such as message timestamps but does not store the content of messages.
• This information helps with:
  • Customer support and dispute resolution.
  • Security and fraud prevention.

h. Contact List Access

• If the User grants permission, PayME may access the User’s contact list to enhance services like:
  • "Mobile Top-up",
  • "Money Transfer",
  • "Payment Requests",
  • "PayME Link".
• This allows Users to select contacts directly from their device instead of manually entering phone numbers.

5.4. Information from Other Sources

a. PayME may collect User information when they create or access a PayME Account through:

• Payment service providers.
• Services, applications, or websites that use PayME’s API or share their API with PayME.
• Other integration methods provided by PayME.

b. Publicly available sources.

c. Marketing and market research service providers.

5.5. Other Information Required for Legal Compliance

PayME may request Users to provide additional information related to their use of PayME services for the following reasons:

a. Ensuring PayME's compliance with legal obligations.

b. Reporting to competent government authorities as required by law.

c. Assessing whether the User has complied, is complying, and can continue to comply with PayME's policies.

 

6. User Rights

6.1. Ownership of Personal Information

Users have full ownership of their personal information.

6.2. Control Over Personal Data

Users have the right to:

• Decide whether to provide their personal information to PayME.
• Change or withdraw their consent at any time.
• Check, update, and modify their personal data using the technical tools provided by PayME or by requesting PayME to do so.

6.3. Request for Data Protection Measures

Users have the right to request PayME to implement security measures to protect their information.

6.4. Data Breach Response

Users can request PayME to take appropriate measures if they suspect their personal data has been leaked, lost, or misused, which may cause damage or financial loss.

 

7. Entity Responsible for Data Collection and Management

PAYME TECHNOLOGY JOINT STOCK COMPANY (PayME)

• Business Registration Certificate No.: 0310476487
• Issued by: Department of Planning and Investment
• First issuance date: November 25, 2010
• Headquarters: 152-154-156-158-160 B2 Street, An Lợi Đông Ward, Thu Duc City, Ho Chi Minh City, Vietnam

 

8. Data Retention Period

• In compliance with applicable laws, PayME may retain Users’ personal data and other information for the period required by legal regulations, regardless of the User’s decision to delete or terminate their account.
• The retention period and purpose of storage are determined by relevant legal provisions.

 

9. Data Security and Protection Measures at PayME

9.1. Secure Storage and Protection of User Information

• PayME stores and secures User personal data on system servers that meet legal and security standards.
• Any direct or indirect interactions with these servers must comply with security policies and procedures.
• PayME maintains regular and ad-hoc security assessments, audits, and testing to ensure the integrity and security of User data throughout its operations.

9.2. PayME’s Commitment to User Data Protection

• PayME is committed to protecting User information in accordance with privacy laws.
• PayME does not sell, rent, disclose, or share User data with third parties, except in the following cases:

a. With User consent.

b. Upon User request, via:

• Written documents
• PayME’s in-app features
• Email, phone calls, or any other recorded request method

c. Sharing with third parties, including:

• Technical partners who have signed agreements with PayME to conduct KYC/eKYC identity verification.
• Other integration partners working with PayME to provide and operate services that Users register for and use.

d. As required by law or governmental authorities.

• PayME ensures that all third parties receiving User data must comply with strict data protection standards equivalent to PayME’s own security commitments.

9.3. Access to User Data by PayME and Related Entities

Users acknowledge and agree that PayME may allow certain individuals or organizations to access, process, and use their personal data, specifically:

a. PayME employees, such as:

Operations, technical, HR, customer support, and business development teams performing their job functions.

b. Legal professionals and consultants, such as:

Advisors, lawyers, inspectors, and auditors involved in handling legal or regulatory matters related to the User.

c. Parent company, subsidiaries, and group affiliates

• Entities involved in the deployment and operation of PayME’s products and services.
• PayME has informed all related individuals and organizations of their confidentiality obligations and has implemented measures to ensure compliance with these data security requirements.

 

10. User Security Recommendations

PayME strongly recommends that Users take proactive measures to protect their PayME Accounts, including:

• Never sharing their account credentials, login passwords, or OTP codes with any third party.
• If using a shared computer or mobile device, Users should:
  • Avoid saving login details (e.g., User ID and password) on the shared device.
  • Log out of their account and close the browser window after completing a session.    

PayME is not responsible for any data breaches caused by the User’s failure to follow these security recommendations.

11. Special Provisions on the Protection of Users' Personal Data Under Decree 13/2023/NĐ-CP (Issued on April 17, 2023)

11.1. Principles of Personal Data Protection at PayME

PayME adheres to the following principles when processing personal data:

a. Personal data is processed in compliance with legal regulations.

b. Data subjects (Users) have the right to be informed about the processing of their personal data, except where otherwise specified by law.

c. Personal data is processed only for the declared purposes as registered by PayME or third parties.

d. Data collection is appropriate, limited to necessity, and strictly for the intended purposes.

• PayME does not buy or sell personal data in any form, unless otherwise permitted by law.

e. Personal data is regularly updated and supplemented in line with the intended processing purposes.

f. Personal data is protected with technical and organizational measures, ensuring security against:

• Unauthorized access
• Data breaches
• Loss, destruction, or damage

g. Personal data is stored only for the necessary period required for processing, except where a longer retention period is mandated by law.

11.2. Rights and Obligations of Data Subjects (Users) at PayME

a. Rights of Data Subjects

• Right to be informed: Users have the right to know how their personal data is processed unless otherwise stated by law.
• Right to consent: Users have the right to agree or refuse the processing of their personal data unless otherwise required by law.
• Right to access: Users have the right to view, edit, or request modifications to their personal data, except where restricted by law.
• Right to withdraw consent: Users can revoke their consent for data processing at any time, unless otherwise regulated.
• Right to data deletion: Users can delete or request deletion of their personal data, unless legal provisions prevent such deletion.
• Right to restrict data processing: Users can request PayME to limit processing of their data.
  • PayME will implement the restriction within 72 hours of receiving the request.
• Right to data portability: Users can request a copy of their personal data from PayME, unless otherwise restricted by law.
• Right to object to data processing: Users can object to PayME processing their personal data for:
  • Marketing or advertising purposes
  • Preventing disclosure of personal data
  • PayME will process this restriction within 72 hours of receiving the request.
• Right to file complaints, reports, or lawsuits: Users can file complaints, report violations, or take legal action regarding data protection breaches.
• Right to claim compensation: Users can demand compensation for damages if their data protection rights are violated, except where otherwise agreed or regulated by law.
• Right to self-protection: Users may exercise their rights in accordance with:
  • Vietnam's Civil Code
  • Other relevant laws
  • Decree 13/2023/NĐ-CP
• Users can also request competent authorities or organizations to enforce civil rights protection measures under Article 11 of the Civil Code.

b. Obligations of Data Subjects (Users)

• Protect their personal data and request data protection from relevant organizations or individuals.
• Respect and protect the personal data of others.
• Provide accurate and complete personal data when consenting to data processing.
• Participate in public awareness efforts regarding personal data protection.
• Comply with legal regulations on personal data protection and cooperate in preventing violations.

11.3. Protection of Personal Data During Processing at PayME

a. User Consent for Data Processing

• Users have the right to give consent for all activities related to the processing of their personal data.
• When using PayME services, Users are informed about:
  • The type of personal data being processed.
  • The purpose of processing personal data.
  • The entity responsible for processing personal data (PayME).
  • Their rights and obligations as data subjects (as outlined in Section 11.2 of this Policy).
• Users will be explicitly notified when the data being processed includes sensitive personal data.

By reading and agreeing to this Privacy Policy, and checking the consent box when registering an account and using PayME services, the User has explicitly agreed to data processing under this Policy.

• Checking the consent box is a mandatory condition for registering and using PayME products and services.
• Existing accounts and transaction history serve as valid evidence of the User's consent, which PayME may use as proof in any circumstances.
• Users may withdraw their consent at any time as stated in this Policy.

b. Withdrawal of Consent

• Withdrawing consent does not affect the legality of data processing that occurred before the withdrawal.
• Users must submit a formal withdrawal request either in writing or via PayME’s available technical features.
• After withdrawing consent, the User may lose access to certain features, products, or services depending on the scope of the withdrawal.
• Upon receiving the withdrawal request, PayME and any relevant third parties will cease data processing in accordance with the withdrawal request's scope.

c. Notification of Data Processing

• The purpose, type of data collected, method, scope, and retention period are clearly stated in this Policy.
• Any modifications or updates will be communicated by PayME, or as required by law.
• By checking the consent box when registering and using PayME services, the User acknowledges and agrees to:
  • The collection and processing of their personal data by PayME.
  • The compliance of data processing with Articles 9 and 13 of Decree 13/2023/NĐ-CP.
• Users may withdraw consent at any time as outlined in this Policy.

d. Requesting Personal Data from PayME

• Users have the right to request a copy of their personal data stored by PayME.
• To make a request, Users must:
  • Visit PayME’s headquarters in person or
  • Authorize a representative to submit a Personal Data Request Form (as per Decree 13/2023/NĐ-CP).
• PayME will provide the requested data within 72 hours after receiving the request.

By checking the consent box, the User agrees that PayME may share their personal data with third parties, including:

• Credit institutions
• KYC/e-KYC service providers
• Operational support service providers
• Government authorities

This data sharing is strictly for customer identity verification, account authentication, transaction verification, or other necessary operations related to PayME’s services, in compliance with Decree 13/2023/NĐ-CP.
Users may withdraw this consent at any time following the procedures in this Policy.

e. Modifying Personal Data

• Users can access and modify their personal data via:
  • Self-service tools within the PayME platform.
  • A formal request submitted to PayME.
• PayME will update or correct personal data immediately upon request.
  • If the data cannot be modified, PayME will inform the User within 72 hours of receiving the request.

By checking the consent box, the User explicitly agrees that PayME has the right to modify, update, or correct personal data when necessary for:

• Ensuring accurate account information.
• Compliance with legal regulations.
• Providing secure and uninterrupted services.

Users may withdraw this consent at any time under the terms of this Policy.

f. Storage, Deletion, and Destruction of Personal Data

1. Users Can Request PayME to Delete Their Personal Data If:

• They believe the data is no longer necessary for the original purpose of collection and accept any potential consequences of data deletion.
• They withdraw their consent.
• They object to data processing, and PayME has no legitimate reason to continue processing it.
• The data has been processed improperly or unlawfully.
• Deletion is required by law.

2. PayME May Reject a Data Deletion Request If:

• Laws prohibit data deletion.
• The data is being processed by government authorities for official purposes.
• The data has been publicly disclosed under legal regulations.
• The data is being used for legal proceedings, scientific research, or statistical purposes.
• The data is needed in emergency situations related to:
  • National defense, public security, major disasters, pandemics, counter-terrorism, crime prevention, or law enforcement.
  • Preventing risks to national security before an official emergency declaration.
  • Emergency response to threats against life, health, or safety of the User or others.

3. Timeline for Deleting Personal Data

• PayME will delete all personal data within 72 hours after receiving a deletion request, unless legal provisions state otherwise.

4. PayME May Proactively Delete Personal Data If:

• The data has been processed incorrectly or is no longer needed.
• Data retention is no longer necessary for PayME’s operations.
• PayME ceases business operations, dissolves, declares bankruptcy, or shuts down.
• PayME stores data securely in accordance with its operational needs and legal requirements.

g. Other Regulations

1. PayME May Process Personal Data Without User Consent in Certain Situations, Including:

• Emergency situations requiring immediate action to protect the life or health of the User or others.
• Disclosure of personal data as mandated by law.
• Processing by government authorities in cases involving:
  • National defense, public security, major disasters, pandemics, counter-terrorism, crime prevention, and law enforcement.
  • Threats to national security that do not yet require an official emergency declaration.
• Fulfilling legal obligations under a contract involving the User and relevant organizations, agencies, or individuals.
• Official governmental operations as defined by specialized laws.

2. Data Processing for Marketing and Branding Purposes

• PayME may process User personal data for marketing, advertising, and brand development activities.
• All marketing activities will comply with legal regulations and require User consent.

By checking the consent box when registering and using PayME services, the User:

• Acknowledges and agrees that PayME may process their personal data for marketing and branding purposes in compliance with the law.
• May withdraw this consent at any time under the terms of this Policy.

11.4. PayME’s Responsibilities in Personal Data Control and Processing

PayME is committed to ensuring legal compliance and data security in handling Users’ personal data. The company’s responsibilities include:

a. Implementation of Organizational and Technical Security Measures

• PayME implements and maintains security protocols to ensure that all data processing activities comply with personal data protection laws.
• The company regularly reviews and updates these security measures to address emerging threats and vulnerabilities.

b. Recording and Storing System Logs

• PayME maintains detailed records and system logs of personal data processing activities to ensure accountability and transparency.

c. Reporting Data Protection Violations

• PayME is obligated to report any violations of data protection laws as per Decree 13/2023/NĐ-CP.
• This includes unauthorized access, breaches, and non-compliant data processing activities.

d. Ensuring Users’ Data Protection Rights

• PayME guarantees that Users’ rights under Section 11.2 of this Policy are fully respected and enforced.
• This includes ensuring that Users can access, modify, restrict, or delete their data as per legal provisions.

e. Accountability for Damages

• PayME is responsible for any damages caused by improper data processing.
• Users can seek compensation if their data protection rights are violated due to PayME’s actions.

f. Compliance with Legal Data Protection Measures

• PayME ensures strict compliance with Decree 13/2023/NĐ-CP and other relevant legal regulations governing data protection, storage, and processing.
• All security measures and data handling procedures align with the latest legal and cybersecurity standards to safeguard Users’ personal information.

 

12. Other Provisions

12.1. Policy Review and Updates

• This Privacy Policy will be reviewed and updated every three (03) months, or as needed.
• Any modifications, additions, or replacements will be publicly announced on:
  • The official PayME website (www.payme.vn).
  • The PayME app.
  • Other official communication channels as applicable.
• PayME encourages Users to regularly review the Policy to ensure they are informed about how their personal data is being collected, processed, used, stored, and secured.
• By continuing to use PayME services, Users agree to the updated terms of this Policy.

12.2. Validity of Policy Provisions

• If any provision of this Policy is deemed illegal or unenforceable, PayME may:
  • Amend the provision to make it legally valid.
  • Remove the provision entirely at its discretion.
• The invalidity of one provision does not affect the validity of the remaining provisions, which will continue to be fully enforceable.

12.3. Compliance with Government Regulations

• Users acknowledge that PayME may be required to take actions that could potentially conflict with this Policy due to legal obligations or directives from government authorities.
• Users agree not to hold PayME liable for any such legally mandated actions.

12.4. Transfer and Assignment of Rights

• Users may not transfer their rights or obligations under this Policy without prior written consent from PayME.
• PayME reserves the right to transfer its rights and obligations, provided that:
  • Users are notified publicly via PayME’s website and/or other official communication channels at least 15 days in advance.
  • If Users continue using PayME’s services after the transfer takes effect, they are deemed to have accepted the transfer.
  • If Users do not agree, they have the right to discontinue using PayME’s products and services.

12.5. Binding Effect

• This Policy is legally binding on:
  • The User's heirs and personal/legal representatives.
  • Successors and authorized assignees of the User's rights and obligations.

12.6. Contact Information for Inquiries and Complaints

For any questions, requests, or complaints regarding this Policy or the use of personal data, Users may contact PayME through the following channels:

a. 24/7 Customer Support Hotline: 1900.88.66.65
b. Email: hotro@payme.vn
c. Live Chat: Available via the PayME website.
d. In-Person Support:

• Office Address: 152-154-156-158-160 B2 Street, An Lợi Đông Ward, Thu Duc City, Ho Chi Minh City, Vietnam.
• Business Hours: Monday to Friday, 08:00 AM – 05:30 PM.

12.7. Force Majeure Events

a. Definition of Force Majeure Events

A force majeure event is an event that occurs objectively and unpredictably, despite all reasonable preventive measures being taken. Such events include, but are not limited to:

• Natural disasters (storms, floods, earthquakes, fires, accidents, and catastrophes).
• Health crises (epidemics, nuclear contamination, or radioactive exposure).
• Political or social instability (wars, civil wars, uprisings, strikes, or riots).

If a force majeure event prevents either party from fulfilling its obligations:

• The affected party must promptly notify the other party in writing.
• Within fifteen (15) days from the occurrence of the event, the affected party must provide official written evidence (via registered mail) detailing:
  • The nature of the force majeure event.
  • The expected duration of its impact.

b. Obligation to Minimize Damage

The affected party must take all reasonable measures to minimize any potential damages caused by the force majeure event.

c. Exemption from Liability

PayME is not liable for any failure to perform obligations under this Agreement due to force majeure events.

12.8. Dispute Resolution

• Any disputes or disagreements arising from this Policy shall first be resolved through negotiation and reconciliation.
• If no agreement is reached, both parties agree to submit the dispute to the competent court where PayME's headquarters is located.

12.9. Governing Law

• This Privacy Policy is governed and interpreted under Vietnamese law.
• Any matters not explicitly covered in this Policy will be subject to Vietnamese legal regulations in effect at the time.