Privacy Policy

1. Introduction

VIET SOFTWARE STAFF COMPANY LIMITED (doing business as "RESTAFF" or "VIETSTAFF., LTD", "we," "our," or "us") is committed to protecting the privacy and confidentiality of information provided by users of our website. This Privacy Policy outlines how we collect, use, maintain, and disclose information collected from users of our website.

This policy has been developed in accordance with The General Data Protection Regulation (EU) 2016/679 (GDPR), industry best practices, and ISO standards including ISO 27001 (Information Security Management Systems) and ISO 29100 (Privacy Framework). It provides you with comprehensive information about your rights and our obligations concerning your personal data.

2. Information Collection and Lawful Basis for Processing

Personal Information

We may collect personal information from users in various ways, including, but not limited to, when users visit our site, register on the site, fill out a form, and in connection with other activities, services, features, or resources we make available on our site. Users may be asked for, as appropriate, name, email address, phone number, and other relevant information.

We process this information based on one or more of the following legal bases:

  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose
  • Contract: Where processing is necessary for the performance of a contract with you
  • Legal obligation: Where processing is necessary for compliance with a legal obligation
  • Legitimate interests: Where processing is necessary for the legitimate interests pursued by us or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms

Non-Personal Information

We may collect non-personal information about users whenever they interact with our site. Non-personal information may include the browser name, the type of computer, and technical information about users' means of connection to our site, such as the operating system and the Internet service providers utilized, and other similar information.

3. Consent

We will process your personal data based on your consent when required by law. By using our website, you consent to our collection and use of information as described in this Privacy Policy.

You are free to refuse our request for your personal information, with the understanding that we may be unable to provide you with some of your desired services. You may withdraw your consent at any time by contacting us using the information in the "Contacting Us" section.

Your consent must be freely given, specific, informed, and unambiguous. Where we rely on consent to process your personal data, we will make this clear to you at the point of collection.

4. How We Use Collected Information

VIETSTAFF., LTD may collect and use users' personal information for the following purposes:

  • To improve customer service
  • To personalize user experience
  • To improve our site
  • To process payments
  • To run a promotion, contest, survey, or other site feature
  • To send periodic emails
  • To communicate with clients regarding projects and services

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

5. How We Store and Secure Information

Data Storage and Hosting

Data security is our top priority. All data you may share with us is fully encrypted both in transmission and at rest. Restaff 's website user content, and data backups are securely hosted on Amazon Web Services platform ("AWS"). The physical servers are located in AWS Regions:

  • The "US West" Region in Oregon, USA. For more information on how we protect your data, please see our Security Policy.

Security Measures

We have implemented technical and organizational measures in accordance with ISO 27001 Information Security Management standards, including:

  • Encryption of personal data in transit using TLS and at rest using AES-256
  • Multi-factor authentication for system access
  • Regular security assessments and penetration testing
  • Strict access controls based on least privilege principles
  • Security awareness training for all staff
  • Comprehensive monitoring and logging
  • Physical security controls at our data centers

Data Breach Response

We have established procedures to address any suspected personal data breach and will notify you and applicable regulators within 72 hours of becoming aware of it, as required by GDPR Article 33.

6. Sharing Your Personal Information

We do not sell, trade, or rent users' personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates, and advertisers for the purposes outlined above.

We may also share your personal data with:

  • Service providers who provide IT and system administration services
  • Professional advisers including lawyers, bankers, auditors, and insurers
  • Regulators and other authorities who require reporting of processing activities in certain circumstances
  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

7. Third-Party Websites

Users may find advertising or other content on our site that links to the sites and services of our partners, suppliers, advertisers, sponsors, licensors, and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our site, is subject to that website's own terms and policies.

We are not responsible for the privacy practices or the content of such websites. We encourage our users to be aware when they leave our site and to read the privacy statements of any other site that collects personally identifiable information.

8. Your Data Protection Rights

Under the GDPR, if you are an EU resident, you have the following rights:

  • Right to information - You have the right to know how we process your personal data.
  • Right of access - You have the right to request a copy of the information that we hold about you.
  • Right of rectification - You have the right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten - In certain circumstances, you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing - You have the right to request that we restrict the processing of your personal data.
  • Right of portability - You have the right to have the data we hold about you transferred to another organization.
  • Right to object - You have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing - You have the right not to be subject to automated decision-making including profiling.

To exercise any of these rights, please contact us using the information provided in the "Contacting Us" section. We will respond to your request within 30 days. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data.

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.

9. Your Acceptance of These Terms

By using this site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our site. Your continued use of the site following the posting of changes to this policy will be deemed your acceptance of those changes.

10. International Data Transfers

Our operations are located primarily in Vietnam. If you provide information to us, the information will be transferred out of the European Union (EU) and sent to Vietnam. By submitting personal data to us, you are consenting to its storage and processing in Vietnam in accordance with this Privacy Policy.

In accordance with Chapter V of the GDPR (EU) 2016/679, we ensure all international transfers of personal data use appropriate safeguards, including:

  • Implementing Standard Contractual Clauses (SCCs) approved by the European Commission
  • Conducting transfer impact assessments as required by GDPR
  • Processing data in compliance with GDPR principles
  • Implementing ISO 27001-aligned security measures
  • Ensuring all sub-processors adhere to equivalent data protection standards
  • Using secure, encrypted data transmission channels

Upon request, we can provide more information about specific mechanisms used for your data transfers.

11. Data Retention and Management

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Retention Periods

Our data retention policies, developed in accordance with GDPR Article 5(1)(e) and ISO 27001 controls, define specific retention periods for different data categories:

  • Account information: Duration of your relationship with us plus 2 years
  • Application and recruitment data: 2 years after last interaction
  • Transaction data: 7 years (to comply with accounting regulations)
  • Marketing preferences: 3 years after last interaction
  • Website usage data: 26 months

Retention Criteria

We determine appropriate retention periods based on:

  • Data sensitivity and volume
  • Risk of harm from unauthorized disclosure
  • Processing purposes and potential alternatives
  • Legal requirements and industry standards

Data Minimization

We regularly review our data holdings to ensure we only retain what is necessary. When data is no longer required, it is securely deleted or anonymized using ISO-compliant techniques.

12. Cookies and Tracking Technologies

Our site may use "cookies" to enhance user experience. Users' web browsers place cookies on their hard drive for record-keeping purposes and sometimes to track information about them. Users may choose to set their web browser to refuse cookies or to alert them when cookies are being sent. If they do so, note that some parts of the site may not function properly.

We use the following types of cookies:

  • Essential cookies: Required for the operation of our website
  • Analytical/performance cookies: Allow us to recognize and count visitors and analyze website use
  • Functionality cookies: Used to recognize you when you return to our website
  • Targeting cookies: Record your visit to our website, the pages you visit, and the links you follow

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. Please note that if you disable or refuse cookies, some parts of this website may become inaccessible or not function properly.

13. Governing Law and Dispute Resolution

This Privacy Policy is governed by the laws of Vietnam. However, where mandatory laws of the European Union or the laws of another jurisdiction apply to your use of our services, those laws will govern.

For EU residents, you also have the right to lodge a complaint with the local data protection authority in your jurisdiction if you believe we have violated the GDPR.

Any dispute arising out of or related to this Privacy Policy shall be resolved through good faith negotiations. If such negotiations do not resolve the dispute, either party may submit the dispute to the competent court in Vietnam.

14. Changes to This Privacy Policy

VIETSTAFF., LTD has the discretion to update this privacy policy at any time. When we do, we will revise the updated date at the bottom of this page. We encourage users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.

When we make material changes to this Privacy Policy, we will notify you through a notice on our website or by email prior to the changes taking effect.

15. Contacting Us

If you have any questions about this Privacy Policy, the practices of this site, your dealings with this site, or wish to exercise any of your data protection rights, please contact us at:

VIET SOFTWARE STAFF COMPANY LIMITED (VIETSTAFF., LTD) Centec Tower, 18-19th Floor 72-74 Nguyen Thi Minh Khai Street Vo Thi Sau Ward, District 3 Ho Chi Minh City 70000, Vietnam

For general inquiries: post@restaff.no

For support: support@restaff.no

Hotline: +84 28 6684 4668

Compliance Certifications

We maintain ongoing compliance with:

  • The General Data Protection Regulation (EU) 2016/679
  • ISO 27001 Information Security Management System
  • ISO 29100 Privacy Framework principles

For verification of our compliance certifications, please contact our Data Protection Officer.

Last Updated: March 15, 2025