2. Information We Collect
We collect various types of personal information from our clients to provide effective legal representation and services. The types of information we collect may include but are not limited to:
Personal identification information (e.g., name, address, contact details, date of birth, identification documents).
Financial information (e.g., billing details, payment information).
Case-specific information (e.g., details about legal matters, associated documents, and communications related to the case).
3. Purpose of Data Collection
We use the collected information for the following purposes:
Providing legal services and fulfilling our obligations to clients.
Managing client accounts, billing, and processing payments.
Communicating with clients, including case updates and responses to inquiries.
Complying with legal and regulatory requirements.
Improving our services and client experience.
Ensuring the security and integrity of our systems.
4. Legal Basis for Processing
Our processing of clients’ personal information is based on one or more of the following legal grounds:
The processing is necessary for the performance of a contract to which the client is a party (e.g., the engagement of legal services).
The processing is necessary for compliance with a legal obligation to which the Firm is subject.
The processing is based on the client’s consent, which may be obtained through written agreements or other lawful means.
The processing is necessary for the establishment, exercise, or defense of legal claims.
The processing is necessary for the legitimate interests pursued by the Firm, provided that such interests do not outweigh the clients’ fundamental rights and freedoms.
5. Data Sharing and Disclosure
We may share clients’ personal information with the following entities, only when necessary and to the extent required:
Our legal professionals and staff members involved in providing services.
Third-party service providers, such as IT support and payment processors, who assist us in operating and managing our firm.
Government authorities, when required by law or for legal and regulatory compliance.
With the client’s consent, we may also share information with other parties, such as co-counsel or opposing parties in legal proceedings.
6. Data Retention
We retain clients’ personal information for as long as necessary to fulfill the purposes outlined in this policy or as required by applicable laws and regulations. Once the retention period expires, we will securely delete or anonymize the data.
7. Data Security
We implement reasonable physical, technical, and organizational measures to protect clients’ personal information from unauthorized access, disclosure, alteration, or destruction. These security measures include firewalls, encryption, access controls, and staff training on data protection.
8. Client Rights
Clients have certain rights regarding their personal information, including but not limited to:
Access: The right to request access to the personal data we hold about them.
Rectification: The right to correct inaccurate or incomplete data.
Erasure: The right to request the deletion of their personal information under certain circumstances.
Restriction: The right to restrict the processing of their data under certain circumstances.
Objection: The right to object to the processing of their personal information.
Portability: The right to receive a copy of their data in a commonly used machine-readable format.
By engaging our legal services and providing personal information, clients consent to the collection, use, and disclosure of their information as outlined in this policy.
10. Minors’ Data
Our legal services are not directed at minors, and we do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have inadvertently collected personal information from a minor, we will promptly delete it from our records.
11. International Data Transfers
Our firm operates in multiple jurisdictions or serves international clients, personal information may be transferred to and processed in countries outside the client’s country of residence. We will take all reasonable steps to ensure that such transfers comply with applicable data protection laws and provide an adequate level of protection for the information.
12. Data Breach Notification
In the event of a data breach that poses a risk to the rights and freedoms of clients, we will take all necessary measures to mitigate the impact and notify affected clients as required by applicable laws and regulations.
13. Changes to the Policy
14. Contact Us
Mr. LÊ N. Bao
Chief Executive Officer
Legal Basis: Personal Data Protection under the new Decree 13/2023/ND-CP