Skip to content
Logo
Parallel Icon PRIVACY POLICY

PRIVACY POLICY – INFORMATION SECURITY POLICY

Effective as of 13 December 2026

Shape 1

Table of Contents

GalaxyOne Company Limited (“we”, “us”, “our” or “GalaxyOne”) is committed to respecting users’ privacy. We strive to provide a safe and secure user experience. This Privacy Policy – Information Security Policy (the “Policy”) sets out the collection, processing and use of personal data online applicable to all GalaxyOne websites (unless a separate privacy statement applies specifically). We encourage you to read this Policy carefully and to review this page regularly for any changes we may make in accordance with its terms.

For the purposes of this Policy, “personal data” means any information relating to an identified or identifiable natural person (i.e., an individual).

By selecting and agreeing to this Policy when seeking consultation, you authorize us to collect, use, share and/or otherwise process your personal data in accordance with this Policy. Such authorization shall be effective from the time you provide your consent until you withdraw it or it is otherwise terminated in accordance with applicable law. If you do not agree to the processing of your personal data as described herein, please do not use our services or access our websites, or notify us immediately if you wish to withdraw your consent previously given.

Our websites may contain links to other websites that we do not control (if any). GalaxyOne is not responsible for the privacy policies or practices of such third-party websites. We encourage you to review the privacy policies of those websites to understand how they collect, use and share your personal data. This Policy applies solely to personal data collected through GalaxyOne’s websites and does not apply to personal data collected by any other means.

1. Definitions

1.1. “GalaxyOne” means GalaxyOne Company Limited.

1.2. “User” means an individual who searches for, accesses, registers for, or intends to use services and products of GalaxyOne and/or those provided in cooperation with partners, and/or is interested in career opportunities at GalaxyOne.

1.3. “Data Subject” means the individual to whom the personal data relates.

1.4. “Personal Data” means information reflecting personal identity and background commonly used in transactions and social relations, as prescribed by the Government, including:

  1. Full name (including middle name), and other names (if any);
  2. Date of birth; date of death or missing status;
  3. Gender;
  4. Place of birth; place of birth registration; permanent residence; temporary residence; current address; hometown; contact address;
  5. Nationality;
  6. Personal images;
  7. Phone number; personal identification number; passport number; driver’s license number; vehicle registration number;
  8. Marital status;
  9. Family relationship information (parents, children, spouse);
  10. Digital account information;
  11. Other information associated with or identifying a specific individual not classified as sensitive personal data.

1.5. Sensitive Personal Data” means personal data associated with an individual’s privacy which, if infringed, may directly affect lawful rights and interests, as prescribed by the Government, including:

  1. Racial or ethnic origin;
  2. Political, religious or belief-related views;
  3. Private life, personal secrets, family secrets;
  4. Health status;
  5. Biometric and genetic data;
  6. Sexual life and sexual orientation;
  7. Criminal records or legal violations maintained by law enforcement authorities;
  8. Location data determined via location-based services;
  9. Account login credentials and identity verification data (e.g., ID cards);
  10. Banking credentials, financial data, transaction history, credit information;
  11. Behavioral and usage data relating to telecommunications, social media, and online services;
  12. Other personal data required by law to be kept confidential or subject to strict protection.

1.6. Personal Data Protection” means measures, tools and actions taken to prevent violations of personal data.

1.7. Processing of Personal Data” means any operation performed on personal data, including collection, analysis, aggregation, encryption, decryption, modification, deletion, destruction, anonymization, disclosure, transfer, or other related activities.

1.8. Personal Data Controller” means an entity determining the purposes and means of processing personal data.

1.9. Personal Data Processor” means an entity processing personal data on behalf of a controller.

1.10. Controller and Processor” means an entity that both determines purposes and directly processes personal data.

1.11. Third Party” means any entity other than the Data Subject, Controller, Processor, or Controller and Processor that is authorized to process personal data.

2. Rights and Obligations of Data Subjects

By using our services or accessing our website, the User acknowledges understanding their rights and obligations under applicable laws, including but not limited to prevailing personal data protection laws.

GalaxyOne is permitted to retain Users’ personal data (including but not limited to name, profile, CV, contact information, etc.) for lawful purposes relating to service usage, recruitment, or partnership activities, for as long as such data is stored in accordance with applicable laws.

If a User requests deletion of their personal data, GalaxyOne will process such request in accordance with applicable regulations and notify relevant parties unless retention is required by law.

2.1. Data Subjects have the following rights:

  1. Right to be informed about processing activities, including types of data, purposes, and involved parties.
  2. Right to consent or withdraw consent for data processing, except where otherwise provided by law.
  3. Right to access and rectify personal data.
  4. Right to request provision, deletion, restriction or objection to data processing.
  5. Right to request protective measures from competent authorities or relevant organizations.
  6. Right to complain, denounce, initiate lawsuits, and claim damages in accordance with law.
  7. Right to self-protection under applicable civil and related laws.

All valid requests will be handled within statutory timelines, and identity verification may be required.

2.2. Data Subjects also have obligations, including:

  1. Protecting their own personal data;
  2. Respecting others’ personal data;
  3. Providing accurate information;
  4. Complying with personal data protection laws.

3. User Representations and Affirmations

3.1. Personal data provided by Users to GalaxyOne and/or obtained through other actions includes Basic Personal Data and/or Sensitive Personal Data of the User.

3.2. Users acknowledge having read, understood, and grasped their rights and obligations as Data Subjects, the types of data processed, purposes, and relevant entities. This Policy constitutes notice from GalaxyOne prior to processing. For sensitive data, GalaxyOne will provide notice via email or document to the Data Subject.

3.3. GalaxyOne may process personal data for the following “Purposes” in ways deemed necessary and lawful:

  1. User support, contact confirmation, and information updates;
  2. Recruitment and candidate management for career opportunities at GalaxyOne;
  3. Service provision and fulfillment of contractual and legal obligations;
  4. Marketing, advertising, and introducing products or services based on User needs;
  5. Data storage, analytics, service improvement, after-sales activities, and responding to state authorities;
  6. Ensuring Data Subjects can exercise their legal rights;
  7. Data storage with third-party hosting providers;
  8. System testing, management, upgrades, and security improvements;
  9. Promotion of events, news, surveys, and reward programs;
  10. Handling queries, feedback, complaints, and legal disputes;
  11. Improving product and service quality;
  12. Implementing measures for data security and information safety;
  13. Resolving disputes and denunciations;
  14. Exchanging information with state authorities and relevant entities as per law;
  15. Business promotion and market expansion activities;
  16. Other purposes as determined by GalaxyOne from time to time.

3.4. Users confirm their consent and commit that:

  1. They have been notified of data processing and agree to it until the Purposes are fulfilled. Exercising rights (withdrawal, deletion) does not affect prior lawful processing. Users are responsible for consequences arising from exercising their rights.
  2. Upon withdrawal of consent, GalaxyOne will request Processors/Third Parties to stop processing according to technical capabilities and law. GalaxyOne is exempt from liability if technical factors prevent immediate cessation.
  3. They will notify GalaxyOne of changes in data and allow GalaxyOne to update records accordingly.
  4. GalaxyOne has the right to manage and retain data as deemed appropriate; Users may request access, rectification, or deletion.
  5. They exempt GalaxyOne from liability for risks beyond control, such as system errors.
  6. Protection of Minors’ Data: For Users aged 14 to under 16, GalaxyOne will verify age and obtain guardian consent as required by law.
  • Parents or guardians are responsible for supervising and managing minors’ activities on GalaxyOne websites.

g. Sharing with Processors or Third Parties may involve partners and service providers for the purposes outlined in this Policy.

  • Partners providing products/services to Users;
  • Entities shared for other purposes as determined by GalaxyOne.

h. Users agree to cross-border data transfer. GalaxyOne ensures recipients maintain security and complies with legal obligations for such transfers.

4. Types of Personal Data Processed

4.1. Basic Personal Data: Name, date of birth, gender, address, nationality, images, phone number, ID numbers, tax ID, and other information not classified as sensitive.

4.2. Sensitive Personal Data: As determined by GalaxyOne’s service policies from time to time.

5. Methods of Data Collection

GalaxyOne collects data through:

  1. Direct verbal or written communication;
  2. Surveys, social media, or third-party service providers;
  3. Other parties related to the User;
  4. Website cookies;
  5. Service contracts and other agreements.

6. Personal Data Processing Duration

6.1. Commencement

GalaxyOne will begin processing the Data Subject’s personal data from the moment the data is received.

6.2. Termination

GalaxyOne will stop processing personal data when (whichever comes later):

  • Upon a valid written request for termination from the Data Subject; GalaxyOne will record and store system logs of the processing history for the purposes stated in section 3.4.
  • Disputes or complaints are resolved via agreement, judgment, or legally effective decision;
  • Other times appropriate to the Purposes;
  • As required by legal obligations.

However, GalaxyOne may continue to retain personal data to fulfill its legal obligations, and GalaxyOne is responsible for securing such data in accordance with the law.

7. Storage and Security of User Personal Data

7.1. GalaxyOne is committed to storing and securing personal data safely and in compliance with law. All third parties authorized to access, process, or store User personal data under this Policy are required to comply with GalaxyOne’s security obligations.

7.2. GalaxyOne implements appropriate data processing methods as well as technical and organizational security measures to prevent unauthorized access, reading, use, modification, destruction, or other processing activities.

7.3. GalaxyOne will record and store system logs of the personal data processing history for the purposes mentioned in Section 3.4, Article 3 of this Policy and as required by law.

7.4. Data Subjects acknowledge that GalaxyOne implements technical, physical, and administrative measures to protect personal data. However, risks associated with data security—whether provided directly, via phone, or the internet—are inherent. No technical system is absolute against all hackers or unauthorized intruders; therefore, if data is exposed due to hacking or causes beyond GalaxyOne’s control, the User agrees to exempt GalaxyOne from related liabilities.

7.5. Since the internet is not a completely secure environment, risks of theft or breach may occur when data is shared for the purposes in Section 3.4. Data Subjects acknowledge that GalaxyOne is not responsible for risks once data has been shared with authorized third parties.

8. Amendments, Supplements, and Replacement of the Policy

8.1. GalaxyOne may amend, supplement, or replace this Policy at any time it deems appropriate, ensuring compliance with relevant laws.

8.2. GalaxyOne will notify Users of such changes via documents, email, the official website, postings at transaction points, or other suitable forms.

8.3. Continued use of GalaxyOne’s services after notification constitutes full acceptance of the amended Policy.

9. Complaints and Contact Regarding Data Processing

9.1. If a User believes any content on GalaxyOne’s website violates their rights, third-party rights, or the law, please notify GalaxyOne. A valid notice must include:

  • Title: Report of Violation
  • Claimant information (Full name, email, contact number, etc.)
  • Violation details (text, images, links, videos, etc.)

9.2. GalaxyOne will review each report and take reasonable steps to notify the claimant of the outcome.

9.3. Data Subjects may contact GalaxyOne at:

  • Directly: 10th Floor, Galaxy Innovation Hub Building, D1 Street, High-Tech Park, Tang Nhon Phu Ward, Thu Duc City, Ho Chi Minh City, Vietnam.
  • Phone: (028) 73058555
  • Email: info@galaxy.one
  • Website: https://galaxy.one

10. Dispute Resolution

Any disputes arising from or related to personal data processing shall first be resolved through negotiation and mediation. If mediation fails, the parties may submit the dispute to competent courts in Vietnam.

11. Final Provisions

This Policy applies to all personal data and transactions with GalaxyOne, representing the User’s full consent. This Policy prevails in case of conflict with other agreements or documents governing the relationship between the Data Subject and GalaxyOne, regardless of whether those documents were signed before or after the acceptance of this Policy. For any objections or specific conditions regarding data processing, Users should contact GalaxyOne for support.