Vietnam Data Protection and Privacy Policy

Effective/Last Updated: June 30^th, 2025

BNI^® DATA PROTECTION AND PRIVACY POLICY

BNI Worldwide Development Ltd is the data controller or the data controller and processor (depending on the purpose of processing personal data) of your personal data for and on behalf  of BNI Global, LLC, together with its related affiliates (collectively, “BNI”, “our” or “we”). 

This Data Protection and Privacy Policy (“Policy”) is intended to explain to you, as a user of  BNI, our services, BNIConnect.com, or web-accessed or mobile applications (“Sites”), what  personal data we collect about you, the purposes for which we process that data, how we use or process that data, with whom it may be shared, your options about such uses and disclosures and your rights and responsibilities concerning your personal data.  

If you have any questions about this Policy or our personal data processing practices, or if you  would like to request information about our disclosure of personal data to third parties for  their direct marketing purposes, please contact us by email, telephone, or mail as follows:

BNI Worldwide Development Ltd

Ballinrobe Road
Castlebar
Co. Mayo
F23 FT28
IRELAND

Phone: +353 94 902 1553
Email: legal@bni.com

BNI’s Data Protection Officer can be contacted at the above address or phone number, or by  email at dpo@bni.com.

If you are located in Vietnam, please contact us at:

Floor 7, Block B [7-1-2], Kocham Building, Lot A17B, NT8 Street, Hoa Phu Ward, Thu Dau Mot City, Binh Duong Province, Vietnam

Phone: 02871077979
Email: info@bni.vn

Before accessing and using our Sites or transacting business with us, you acknowledge and warrant that you have carefully read and fully understood the terms, conditions, statements, warranties, and commitments set out in this Policy. By agreeing to these terms, you permit BNI to process your information and data in accordance with this Policy. You show your acceptance by clicking on the “Agree” button. If you disagree with any of BNI’s terms or conditions, you must leave the Site and cease further use. You are fully responsible for any obligations or liabilities arising from any violation of the terms, commitments, and/or conditions outlined in this Policy, and you will not be exempt from these responsibilities on the grounds that you have not read or fully understood the terms of this Policy. If you have read and understood this Policy and disagree with BNI’s terms, you must immediately leave the Site and cease using any of BNI’s services.

In the event of inconsistency between any terms of this Policy and any translation of this  Policy into another language, the English version will control and prevail on any question of  interpretation or otherwise.

Categories of personal data collected about you and others

“Personal Data” refers to any information, whether in electronic or physical form, such as text, numbers, images, sound, or similar means, about an identified or identifiable individual, including basic personal data and sensitive personal data.

“Basic Personal Data” includes full name at birth, date of birth and date of death or disappearance, gender, place of birth, registered place of birth, permanent residence, temporary residence, current address, hometown, contact address, nationality, personal photograph, phone number, identification number, passport number, driver’s license number, vehicle registration number, personal tax code, social insurance number, health insurance card number, marital status, information about family relationships, personal account information, and data reflecting online activities and history.

“Sensitive Personal Data” means personal data that, once leaked or illegally used, will easily  lead to infringement of human dignity or harm to the personal or property safety of a natural  person, including (but not limited to): (i) biometric data; (ii) religion; (iii) specific social status;  (iv) medical health information; (v) financial accounts; (vi) tracking/location information; ; (vii) minors’ data; viii) information related to race and ethnicity; (ix) genetic information; (x) information about physical attributes and unique biological characteristics; (xi) information about sexual life and sexual orientation; and (xii) data on crimes and offenses collected and stored by law enforcement agencies.

If you do not agree with the collection and processing of your Personal Data, you may not be able to use the functions corresponding to the Personal Data you have not consented for us to collect and process, but would not affect your use of any other functions.

We collect, store and use, with your consent where required by the applicable laws, the following personal data via our Sites, or otherwise interacting with us. 

1. General. When you engage in certain activities on our Sites, such as registering for an  account, purchasing a product, submitting content and/or posting content on any of our  blogs, or sending us feedback, we may ask you to provide certain information about yourself.  Examples of personal data may include your first and last name, email address, mailing  address, telephone numbers, age group, gender and other identifying information. When  setting up your profile on our Sites, you may be asked to provide an e-mail address, phone  number, and address. To a very limited extent, we may be processing your own professional  revenue data, although mostly such revenue data relates to your organisation, not to you  personally.
2. We gather certain information about you based upon where you visit on our Sites, and what  other sites may have directed you to us. This information, which is collected in a variety of  different ways, is compiled and analyzed on both a personal and an aggregated basis. This  technology enables us to determine (i) your IP Address of your computer and its geographic  location from installing the applications onto your computer or your mobile device; (ii) your  search terms or interactive behavior via the Sites; (iii) your purchasing behavior; (iv) source  of the information sought by you during your search; and (v) the age of your results data  (collectively, “Shared Information”). 
3. Other Information You Provide. We may also collect and store any personal data you  enter on our Sites or provide to us in some other manner, including personal information that  may be contained in any comment you post to our Sites. This includes your name, address, e mail address, and telephone number (if provided and applicable); images (both still and  moving).
4. Information About Others. We may also collect and store personal data about other people provided to us by members, including their businesses, contact details including email addresses and/or IP addresses. Where applicable, this data is used in the legitimate interests  of members, for the purposes of generating their invitations to non-members to Chapter  meetings and other BNI events, and for business-to-business referrals between members for  the potential purchase of goods or services from non-members. If you provide to us personal  data of any other individuals, you must provide a copy of this Policy to them, and obtain their  consent for you to share their personal data for us to use for the purposes as described in this  Policy. We may request that you provide proof of such consent to demonstrate your compliance with data protection principles.
5. Automatic Collection of Data. Information concerning your computer hardware and  software are automatically collected and may be shared with other BNI or affiliated websites.  This information may include: your IP address, browser type and language, domain names,  access times, referring website addresses and the content of any undeleted cookies that your  browser previously accepted from us (see “Cookies” below). 
6. Cookies. When you visit our Sites, if you provide opt-in consent, we may use one or  more “Cookies” to make our Sites easier for you to use and to personalize your online  experience. Through the use of a cookie, we also may automatically collect information about  your online activity on our Sites, such as the web pages you visit, the links you click, and the  amount of time you spend on the Sites. You can withhold or withdraw consent, but if you  choose to decline cookies, you may not be able to sign in or use some of the features offered  on our Sites.
7. Other Technologies. We may use the ever-evolving Internet technology, such as web  beacons and other similar technologies, to track your use of our Sites. We also may include  web beacons in company e-mail messages, newsletters, .or notifications to determine  whether messages have been opened and/or acted upon. This enables us to customize the  services we offer our Sites visitors to deliver targeted advertisements and to measure the  overall effectiveness of our online advertising, content, programming or other activities.
8. Information From Other Sources. We sometimes supplement the information that we  receive that has been outlined in this Policy with information from other sources and  companies. Such outside information includes updated delivery and address information  from carriers or third parties, which enables us to correct our records and deliver, for  example, future communications more easily; account information, purchase or redemption  information, and page-view information from some merchants with which we operate co branded businesses or for which we provide technical, fulfilment, advertising, or other  services; search term and search result information from some searches conducted through  the Web search features; search results and links, including paid listings (such as Sponsored  Links from Google); and credit history information from credit bureaus, which we use to help  prevent and detect fraud and to offer certain credit or financial services to some customers.

How your personal data is used and the legal basis for its processing

With your consent, we primarily use your personal data to fulfil our contract to provide support or service offerings to you.

1. Contractual Necessity. On the basis of contractual necessity, we process the personal  data of members and membership applicants to:

• manage your account and provide you with customer support;

• enforce our terms and conditions;

• manage our business; 

• enable and leverage the Sites to provide you functionality; 

• process payment for any purchases, subscriptions or sales made on our Site, and to  protect you and ourselves against, or identify, possible fraudulent transactions, and  otherwise as needed to manage our business.

• Legitimate Interest. In our legitimate interests in the maintenance and development  of our business, we may process your data to:

• perform research and analysis about your use of , or interest in, our products, services,  or content, or products, services or content offered by others; this information may  be used, by way of example only, to help us understand the demographics of our  members, identify chapters with openings for certain professions, inform future  marketing campaigns and judge the success of these marketing campaigns, and judge the success of members and identify coaching strategies.

• cross market your services/products with our services and our affiliates’ services;

• verify your eligibility and deliver online and/or offline in connection with contests and  sweepstakes;

• protect and defend the rights or property of BNI or one of BNI’s referral networks.

C. Provide better service for you

• providing your email address and other information to our business partners for offers  to you of products, services, promotions, contests and/or sweepstakes;

• sending you email notifications and/or newsletters;

• creating and operating cookies on your devices when you visit our websites;

• processing your personal data for the purposes as described in this Policy.

You have the right to withdraw your consent at any time by emailing us at legal@bni.com. 

• Legal Necessity. When legally necessary, we may also process your personal data:

• to establish or exercise our legal rights, or to defend against legal claims;

• to comply with and demonstrate BNI’s compliance with applicable legal requirements, including but not limited to: franchise operation laws, tax laws, anti-money laundering regulations, and data retention requirements.

Please note: You have the right to choose one, some, or all of the purposes for which we may use your Personal Data as listed above. However, please be aware that your refusal to consent to these purposes may impact your ability to use our services, as they are necessary to protect your interests and ensure the effective operation of BNI.

In addition to the purposes listed above, if we need to use your personal data for any other purpose, we will notify you in advance and only proceed with your consent.

However, under legal provisions, BNI reserves the right to process data without your consent in the following circumstances:

• In emergencies requiring immediate processing of personal data to protect the life or health of you or others.
• When disclosure of personal data is mandated by law.
• When data processing is conducted by competent state agencies in emergencies involving national defense, national security, public order, large-scale disasters, dangerous epidemics, or potential threats to security and defense that do not yet warrant a formal state of emergency declaration; as well as in cases involving anti-riot, anti-terrorism, crime prevention, and law enforcement activities as required by law.
• To fulfill the contractual obligations of you with relevant agencies, organizations, or individuals as stipulated by law.
• To support the operations of state agencies as prescribed by sector-specific laws.

Data retention

We will carry out the processing of your Personal Data as soon as you begin to provide your Personal Data or when we collect your Personal Data as stipulated above. Your data will only be retained for as long as necessary to fulfil the purposes for which it was  obtained and/or meet any applicable legal obligations. After such a reasonable period of time, BNI will irrevocably delete your Personal Data. We will take all reasonable steps to ensure that your Personal Data is not retained for longer than necessary and we will always comply with the requirements of Vietnamese laws and regulations relating to the retention of Personal Data. Please see our Data Retention Policy,  accessible at http://bnitos.com/retention.html for more information.

We take reasonable and appropriate technical and organizational measures to safeguard your  Personal Data against any breach, unauthorized or illegal access, alternation, disclosure or, deletion, such as identity verification, encryption, access control, malicious codes resistance, security audit. 

How your personal data is disclosed

With your consent, we may share personal data with:

1. Authorized Service Providers. Authorized service providers performing services on our  behalf, e.g., processing credit card payments, delivering products and services, providing  customer service and marketing assistance, performing business and sales analysis,  supporting our Sites’ functionality, and supporting other features and promotions offered  through our Sites.
2. Business partners. From time to time, we may offer products, services, promotions, contests and/or sweepstakes on our Sites and share personal data with the businesses with  which we partner to provide these offers. 
3. Franchisees. If you are a BNI member or a non-member, we may share your personal  data with BNI Master Franchisees or (Sub)franchisees of BNI, who are the controller and processor or the processor of data  (“Data Controller or Processor”) with us. We may direct you to a BNI Chapter or potentially provide you  with additional information about franchise opportunities based on your interest. As Data Controller or Processor, Master Franchisees and (Sub)franchisees have separate obligations for implementing appropriate technical and organizational measures to ensure and to  demonstrate that their processing activities are compliant with the Vietnam’s Decree Protection of Personal Data (“PDPD”).
4. Members. We and our authorized third-party agents may share your Personal Data and member performance data with other members, chapters, and the entire BNI System.  This includes (a) displaying your personal information as a way of marketing your business on  BNI Connect®, and (b) sharing your performance data via BNI Connect®, BNI® University, and  any other web platforms or techniques we may, separately or through authorized third-party  agents, choose to utilize or develop in the future related to the core business of networking  and passing referrals.
5. Other Situations. We may also disclose your information:

• under a legal obligation, including but not limited to, a subpoena or court order;

• under legal authority to respond to requests for cooperation from a law enforcement  or other government agency (including civil and criminal matters);

• to prevent illegal activity, to prevent imminent bodily harm, or to protect ourselves  and you from people violating our Terms of Service, accessible at  http://bnitos.com/tos_google.html. This may include sharing personal data with, for  example, other companies, lawyers, courts or other government entities where  applicable;

• in connection with a substantial corporate transaction, such as the sale of our  business, a merger, divestiture, consolidation, or asset sale, though in any event, any acquiring entity or other third-party assignee will be bound by the provisions of this  Policy;

• to protect and defend the rights or property of BNI or one of BNI’s referral networks;  and, act under exigent circumstances to protect the personal safety of members and  users of BNI, its Sites, or the public. This may include sharing personal data with, for  example, other BNI members, visitors, government health agencies, or other  government entities.

All the recipients of Personal Information as set forth above are required to take appropriate  security measures to protect your Personal Information in line with our Policies.

Any third parties to whom we may disclose Personal Data may have their own data protection and privacy notices/policies, which we encourage you to view on the websites of those third  parties.

Third Party SDK we use

Name of SDK application	Purpose of  Collection and Use	Personal Information  Collected via SDK	Sensitive Data Permission  Requested	Link to SDK Provider  Privacy Policy
Schoox	Member training	Member name,  member email  address	N/A	https://www.schoox .com/privacy.php
Marketo	Member marketing  communication and  management	Member name,  member email  address, phone  number, business  address, member  gender (optional)	N/A	https://www.adobe. com/privacy/policy. html
KCADI LTD	Data analysis and  reporting	Name, email, phone  number, business and billing address data,  business name,  member gender  (optional)	N/A	N/A

Third-Party Websites

There are a number of places on our Sites or through our services where you may click on a  link to access other websites that do not operate under this Policy. For example, if you click  on an advertisement or a search result on our Sites, you may be taken to a website that we do not control. These third-party websites may independently solicit and collect personal  data, from you and, in some instances, provide us with information about your activities on  those websites. We recommend that you consult the data protection and privacy  notices/policies of all third-party websites you visit.

Your Data Protection Rights

Under PDPD, you have the following rights

• You have the right to access, edit and adjust certain information by directly contacting BNI’s support department to make adjustments and corrections.
• You  have the right to directly contact BNI’s support to delete or destroy certain information.

Please note that deleting or destroying your Personal Data will not mean deleting all your information and data from BNI’s database and storage. Accordingly, BNI still has the right to store a certain amount of information and data necessary for you to provide related services and support or comply with BNI’s legal obligations or to resolve disputes related to you or protect the legitimate interests of BNI, you or another third party.

• You have the right to request BNI to limit the processing of your Personal Data in certain cases, for example when the information and data provided by you is not accurate, correct and appropriate. BNI will fulfill your request within 72 hours after receiving the request for all personal data that you seek to restrict.
• You have the right to object to BNI processing your Personal Data in order to prevent or limit BNI’s disclosure of your Personal Data or BNI’s use of this information for advertising or marketing purposes. BNI will fulfill your request within 72 hours after receiving the request for all personal data that you seek to restrict.
• You have the right to withdraw consent for BNI to process your Personal Data at any time. Your withdrawal of consent will not affect the lawfulness of any processing BNI carried out before you requested to withdraw consent.
• You have the right to request compensation for damages according to the law when violations of regulations on personal information protection occur, unless BNI and you have agreements on compensation according to products, specific services.
• You have the right to complain about our collection and use of your Personal Data when we do not meet your expectations. In this case, please provide full details. BNI will respond to complaints as soon as possible.

and you have the following responsibilities

• To comply with all applicable laws and BNI’s policies regarding the protection of your Personal Data.
• To provide accurate, complete, and up-to-date personal information. BNI will protect your personal data based on the information you provide. Therefore, BNI shall not be liable for any adverse effects or limitations to your rights resulting from any inaccuracies in the information you provide. You shall be responsible for any risks or losses arising from any failure to notify us of any changes.
• To cooperate with us, competent authorities, or third parties in the event of any issues affecting the security of your personal data.
• You are responsible for protecting your personal data and shall promptly notify us of any suspected or actual data breaches.
• You agree to respect the privacy of others.
• You shall be liable for any data breaches caused by your own actions or omissions.
• You agree to keep yourself informed of any changes to our privacy policy.

If you have an online account with us, you have the ability to review and update your Personal  Data online by logging into your account. You can also review and update your Personal  Data and exercise your other rights by contacting us. More information about  how to contact us is provided below.

If you have an online account with us, you also may choose to close your account at any time  by emailing us at legal@bni.com. If you close your account, we may still retain certain  information associated with your account for analytical purposes and record keeping  requirements per our Data Retention section above as well as to prevent fraud, collect any  fees owed, enforce our Terms of Service, or take other actions otherwise permitted by law.  In addition, if certain information has already been provided to third parties as described in  this Policy, retention of that information will be subject to those third parties’ policies. 

If you are not satisfied with our response or are otherwise concerned with how we process  your Personal Data, you also have the right to make a complaint to the Ministry of Public Security.

Prohibited conduct for you

• To post information repeatedly (spam) on the same or different categories.
• To copy, edit, reproduce, create new products or derivative versions based on the Site.
• To sell, assign, sublicense, disclose or otherwise transfer or make available any part or all of the Platform to any third party.
• To redesign, compile, disassemble, modify, reverse engineer the BNI’s Site.
• To use the Site to perform any action that is harmful to BNI’s network security system, including but not limited to using data or accessing the system server or account without permission; accessing the network system to delete, edit and add information; distributing malicious programs, viruses or performing any other action intended to harm or destroy the network system.
• To use the Site to post, transfer, transmit or store information that violates the law, ethics, culture or history.
• To disclose any other personal or organizational information, including but not limited to address, phone number, e-mail, credit card number or any information that can be used to track, contact or impersonate that individual or organization.
• To attempt to impersonate any other party including but not limited to other users  using the BNI’s Site.
• Other acts that violate BNI’s regulations; legal regulations; or infringe upon the interests of a third party.

Communities and Forums Offered on our Sites

We may provide areas on our Sites where you can post information about yourself, including  your name and email address, communicate with others; upload content; and post  comments. Such postings are governed by our Terms of Service. Also, whenever you  voluntarily disclose personal data on our Sites, that data will be available and can be collected  and used by others who have authorized access to your content. 

Any personal data that you disclose through our Sites, or other online forums hosted on our Sites, may  be collected and used by others. We recommend caution when giving out Personal Data to others in  these online forums. 

Children’s Privacy

Our Site is a general audience site not intended for use by children, and we do not knowingly  collect personal data from children. You may access our Sites only if you are of legal age to  lawfully form a binding contract. 

Transfers of Personal Data Outside Vietnam

The global extent of BNI’s business necessitates the transfers of personal data to its  franchisees, members, and business partners and service providers on a worldwide basis. 

With your separate consent, we may share, transfer, or store your Personal Data outside of Vietnam, provided that we are assured of adequate protection levels to safeguard the integrity and security of your data or that appropriate security measures are implemented in compliance with legal requirements. For instance, we may enter into agreements with the recipients of your Personal Data. In all cases, we will ensure that the receiving entity manages your personal data responsibly, maintaining the same level of protection it receives in Vietnam.

Data Privacy Framework

For transfers out of the EU and Switzerland and to the United States of America, BNI Global,  LLC has self-certified that it complies with the EU-US Data Privacy Framework Principles (EU US DPF) and the Swiss-US Data Privacy Principles (Swiss-EU DPF) as prescribed by the US  Department of Commerce pertaining to the notice, choice, accountability, security, data  integrity and purpose limitation, and recourse, enforcement and liability principles. BNI’s U.S.  subsidiaries adhering to the EU-US DPF and the Swiss-US DPF are: BNI Connect Global, LLC,  BNI Franchising, LLC, BNI Global, LLC, BNI Global Holdings LLC, BNI Holdings, LLC, BNI  Intermediate Holdings, LLC, BNI International Holdings CTB, LLC, BNI Ultimate Holdings LLC,  Corporate Connections Franchising, LLC, Corporate Connections Global, LLC, and Scion Social  Holdings LLC.

Additional information on the EU-US DPF and the Swiss-US DPF can be viewed at  https://www.dataprivacyframework.gov/s/ . The Federal Trade Commission (FTC) has  jurisdiction over BNI’s compliance with the EU-US DPF and the Swiss-US DPF. BNI will annually  renew its EU-US DPF and the Swiss-US DPF self-certification to help ensure the treatment of  all personal data continues to be accurate and processed in accordance with the EU-US DPF  and the Swiss-US DPF principles. In cases of onward transfer to third parties of EU and Swiss  Personal Data received pursuant to the EU-US DPF and Swiss-US DPF, BNI is potentially liable.  All questions or complaints regarding the processing and use of personal data should be  directed to legal@bni.com.

BNI has elected JAMS as its independent dispute resolution mechanism in accordance with  requirements set forth by EU-US DPF and the Swiss-US DPF. If questions or complaints are not  resolved satisfactorily through contacting BNI, you can file a complaint with JAMS at https://www.jamsadr.com/dpf-dispute-resolution.

You may have the option to select binding arbitration for the resolution of your complaint  under certain circumstances, provided you have taken the following steps: prior to initiating  an arbitration claim: (1) raised the claimed violation directly with BNI and afforded us the opportunity to resolve the issue within the timeframe set forth in section (d)(i) of the  Supplemental Principle on Dispute Resolution and Enforcement; (2) made use of the  independent recourse mechanism under the Principles, at no cost to you; and (3) raised the  issue through your Data Protection Authority (DPA) to the US Department of Commerce and afforded the US Department of Commerce an opportunity to use best efforts to resolve the  issue within the timeframes set forth in the Letter from the Department’s International Trade  Administration, at no cost to you. 

When you process payments related to the use of our services, your payment information will be collected and stored by licensed payment partners (“Payment Partners”) operating legally in Vietnam.

Your payment information is stored by BNI in the form of tokens (data strings encrypted by the Payment Partners). BNI will not store any information related to cards/cardholders/card transactions in any form, including but not limited to: card numbers, card expiration dates, PIN codes, card verification codes, and all information on magnetic stripes/chips.

When you make payments related to the use of services, the card payment system will record and process their payment information. The card payment system is provided by Payment Partners and ensures compliance with industry security standards and relevant regulations.

The payment transaction policy for international cards and domestic cards (internet banking) ensures compliance with the standards of Payment Partners, including:

Your financial information will be protected throughout the transaction process using SSL (Secure Sockets Layer) protocol. The SSL protocol will encrypt the information provided by you during the transaction.

• Certification of Payment Card Industry Data Security Standard (PCI DSS) provided by Trustwave.
• International card number encryption feature (Tokenization).
• One-time password (OTP) sent via SMS to ensure account access is authenticated.
• 128-bit MD5 encryption standard.
• Security principles and regulations for information protection in the banking and finance sector as prescribed by the State Bank of Vietnam.

The transaction security policy for payments at BNI applies to you:

• BNI provides a token storage facility that only stores the encrypted string provided by the Payment Partner.
• BNI does not directly store your card information. The security of your payment card information is performed by a licensed Payment Partner.
• For international cards: Your payment card information that can be used to establish transactions is not stored on BNI’s system but will be stored and secured by the Payment Partner.
• For domestic cards (internet banking), BNI only stores order code, transaction code and bank name.

BNI ensures that the process, system of data backup and recovery when the information system serving payment activities has problems, your payment information via this website is not changed, deleted, destroyed, copied, moved illegally or misappropriated.

Changes to this Policy

We will occasionally update this Policy to reflect changes in our practices and services. When  we post changes, we will revise the “Last Updated” date at the top of the Policy. If we make  any material changes in the way we collect, use, and/or share your personal data, we will  notify you email to the email address you most recently provided us in your account, profile  or registration if we have such an email address, and/or by prominently posting notice of the  changes on our Sites. You need to confirm your consent to the changes in the Policy before continuing to use by checking the agreement box. We  recommend that you check our Sites from time to time to inform yourself of any changes in  this Policy.