1. Introduction

PCA Corporate Services Limited (“the Firm”) is committed to protecting the privacy and confidentiality of our clients’ personal information. This Data Privacy Policy outlines how we collect, use, disclose, and protect the personal data provided by our clients. This policy applies to all clients who engage our professional services.

2. Information We Collect

We collect various types of personal information from our clients to provide effective legal representation and services. The types of information we collect may include but are not limited to:

• • Personal identification information (e.g., name, address, contact details, date of birth, identification documents).

• • Financial information (e.g., billing details, payment information).

• • Case-specific information (e.g., details about legal matters, associated documents, and communications related to the case).

3. Purpose of Data Collection

We use the collected information for the following purposes:

• • Providing legal services and fulfilling our obligations to clients.

• • Managing client accounts, billing, and processing payments.

• • Communicating with clients, including case updates and responses to inquiries.

• • Complying with legal and regulatory requirements.

• • Improving our services and client experience.

• • Ensuring the security and integrity of our systems.

4. Legal Basis for Processing

Our processing of clients’ personal information is based on one or more of the following legal grounds:

• • The processing is necessary for the performance of a contract to which the client is a party (e.g., the engagement of legal services).

• • The processing is necessary for compliance with a legal obligation to which the Firm is subject.

• • The processing is based on the client’s consent, which may be obtained through written agreements or other lawful means.

• • The processing is necessary for the establishment, exercise, or defense of legal claims.

• • The processing is necessary for the legitimate interests pursued by the Firm, provided that such interests do not outweigh the clients’ fundamental rights and freedoms.

5. Data Sharing and Disclosure

We may share clients’ personal information with the following entities, only when necessary and to the extent required:

• • Our legal professionals and staff members involved in providing services.

• • Third-party service providers, such as IT support and payment processors, who assist us in operating and managing our firm.

• • Government authorities, when required by law or for legal and regulatory compliance.

• • With the client’s consent, we may also share information with other parties, such as co-counsel or opposing parties in legal proceedings.

6. Data Retention

We retain clients’ personal information for as long as necessary to fulfill the purposes outlined in this policy or as required by applicable laws and regulations. Once the retention period expires, we will securely delete or anonymize the data.

7. Data Security

We implement reasonable physical, technical, and organizational measures to protect clients’ personal information from unauthorized access, disclosure, alteration, or destruction. These security measures include firewalls, encryption, access controls, and staff training on data protection.

8. Client Rights

Clients have certain rights regarding their personal information, including but not limited to:

• • Access: The right to request access to the personal data we hold about them.

• • Rectification: The right to correct inaccurate or incomplete data.

• • Erasure: The right to request the deletion of their personal information under certain circumstances.

• • Restriction: The right to restrict the processing of their data under certain circumstances.

• • Objection: The right to object to the processing of their personal information.

• • Portability: The right to receive a copy of their data in a commonly used machine-readable format.

9. Consent

By engaging our legal services and providing personal information, clients consent to the collection, use, and disclosure of their information as outlined in this policy.

10. Minors’ Data

Our legal services are not directed at minors, and we do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have inadvertently collected personal information from a minor, we will promptly delete it from our records.

11. International Data Transfers

Our firm operates in multiple jurisdictions or serves international clients, personal information may be transferred to and processed in countries outside the client’s country of residence. We will take all reasonable steps to ensure that such transfers comply with applicable data protection laws and provide an adequate level of protection for the information.

12. Data Breach Notification

In the event of a data breach that poses a risk to the rights and freedoms of clients, we will take all necessary measures to mitigate the impact and notify affected clients as required by applicable laws and regulations.

13. Changes to the Policy

We may update this Data Privacy Policy from time to time to reflect changes in our practices or legal requirements. Clients will be notified of any material changes.

14. Contact Us

For any questions, concerns, or requests related to this Data Privacy Policy or the handling of personal information, clients can contact us at ntn@pcacompanyservices.com.

By using our services, clients agree to the terms and practices outlined in this Data Privacy Policy. If clients do not agree with this policy, they should refrain from using our services and contact us to address any concerns or questions they may have.

Mr. LÊ N. Bao

Chief Executive Officer

PCA Group

[b@pcacompanyservices.com]

01-07-2023

Data Privacy Policy for Clients’ Information

Legal Basis: Personal Data Protection under the new Decree 13/2023/ND-CP