Visang Education Co., Ltd. (hereinafter referred to as the “Company”) values and is committed to protecting Users’ personal information. The Company complies with statutory sources relating to personal information protection such as Personal Information Protection Act, Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., and General Data Protection Regulation (GDPR), a set of international regulations, as well as the Guideline for Handling Personal Information that the Company enacted based on the authority of relevant laws and regulations, which is disclosed on the Internet Site and mobile application so that Users can easily access and view at any time.

Users may refuse to give consent to collection, use and provision of personal information if they do not wish to do so. However, we advise that the whole or part of the Service will not be available to Users who refuse to consent.

The Company processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than set forth in the following, and if the purpose of use is changed, we will take the necessary measures such as obtaining separate consent pursuant to Article 18 of the Personal Information Protection Act:

1. Providing Service;

2. Member management and identification, confirmation of intention to subscribe membership, confirmation of User identity and age, prevention of unlawful use;

3. Developing new Services, providing various Services, processing of inquiries or complaints/disputes, and communicating notices;

4. Information delivery, marketing, and advertising at various events;

5. Preparing statistics on service usage records, access frequency and Service use, providing customized Service, and improving Services;

6. Preventing from and sanctioning against acts that impinges on the smooth operation of the Service, including unlawful use, and prevention of account misappropriation and fraudulent transactions.

The following terms used herein are defined as follows:

1. “Member” refers to a person who has subscribed Membership to the AllviA Edu Site (allviaedu.com) by providing personal information and thereby can use the classes and Services provided by the AllviA Edu’s Website (allviaedu.com).

2. “Service” refers to the service available on AllviA Edu’s Website (allviaedu.com) which Users can use regardless of the implementing terminal (including various wired and wireless devices such as PC, mobile, tablet PC).

3. “ID” refers to a combination of letters and numbers formulated by a Member and approved by the Company for the purpose of the Member’s identification and Service use, including the ID formulated by the Member.

4. “Password” refers to any English letters, numbers, etc., formulated by the Member and approved by the Company to confirm identity and protect information of the Member.

5. “Service for Charge” refers to various online digital contents and other Services provided by the Company that can be used by Members for certain fee through the AllviA Edu Website (allviaedu.com), including without limitation the information and advertisement posting services.

6. “IMEI (Intel Management Engine Interface)” refers to a 15-digit number embedded in a portable mobile terminal representing the unique serial number of the terminal. (It is encrypted and protected safely.)

7. “Unlawful Use” refers to copyright infringement and identity misappropriation or any other act prohibited by the Service User Agreement of the AllviA Edu Website (allviaedu.com) provided by the Company, or any wrongful act prescribed by a statute.

The Company collects, uses, provides, and destroys personal information in the following manner depending on the type of Service used. Furthermore, the Company invariably obtains the User's consent when collecting personal information that can personally identify the User. When the personal information processing policy is changed, such change is always notified to the User and posted publicly so that Users may check it from time to time.

1. Pursuant to the GDPR, if a Member resides in the European Economic Area (“EEA”), we rely on one of the following legal grounds for processing information about the Member.

① The Member has consented to the User Agreement;

② There is a legitimate interest; or

③ Processing of it is necessary to fulfill the Agreement with the Company,

obligations under law or regulations

2. The items of personal information to be processed by the Company and the period of retention and use are as set forth in the following table:

4. Period retention and use under the statutes and under the internal policies will be as follows:

1) Records on Membership subscription and management

- Retention period: Until Membership withdrawal (or until the following events come to an end, if applicable)

- If an investigation/inspection is in progress due to a violation of applicable laws, until such investigation/inspection is completed.

- Until settlement of receivables/payables arising from the Service use

2) Records on the provision of goods/Services: Until the completion of the supply of goods/Services and the completion of payment/settlement (however, in the case of the following items, until the end of the relevant item)

- Records on contract or withdrawal from subscription: 5 years

- Records on displayed advertisements: 6 months after the end of advertisement posting

- Records on payment and supply of goods: 5 years

- Records on consumer complaints or dispute resolution: 3 years

3) Retention of communication history confirmation data in accordance with Article 15-2 of the Communication Secrets Protection Act

- Computer communication, Internet log record, connection point tracking: 3 months

4) Company’s internal policy

- Records of unlawful use, etc.: 10 years

6. To guarantee the rights of Users, the Company may contact Users using User information for the purpose of Service advisory.

7. The information collected by the Company under this Article may be used for statistics and analysis as a consequence of using the Service.

1. While using Internet Services, access IP addresses, cookies, Service use records, etc. may be created and collected.

2. The Company collects cookie information and uses it to check whether Users are having access to each Service they have visited previously, and to confirm and answer User inquiries.

3. Users have the right to elect to accept cookies. Accordingly, you can permit all cookies by setting options in the web browser, or check each time a cookie is saved, or refuse to save any cookies. However, if you refuse to save cookies, you may have some difficulties in using certain part of Services that require login.

* How to set cookies (example)

① Internet Explorer: Tools at the top of the web browser → Internet Options → Privacy → Advanced

② Chrome: Settings menu on the right side of the web browser → Advanced settings at the bottom of the screen → Contents setting button for personal information → Cookies

Mobile application, web page, online consultation through customer center, event participation, etc.

The Company does not collect any personal information from a minor under the age of 14, and if such personal information is somehow collected, we may take reasonable steps to delete it from our personal information records.

1. The Company processes Users' personal information within the scope specified in this Guideline for Processing Personal Information, and will neither use it beyond the purpose of collection nor provide it to a third party without the User's prior consent. However, in the case of providing Members’ personal information to a third party, such as a partner company in the following manner to ensure the quality of our Service, we will notify the Member in advance of the third party’s name, personal information items to be provided, purpose of provision, retention period, etc. and seek to obtain individual consents of Members. Without consent, no information will be provided, and we will notify and seek Members’ consents even when such partner company is changed.

2. The Company will not provide the User's personal information to a third party without the User's consent. However, in this case, the Service use may be restricted. We would like to advise that this is a necessary part for providing quality Service and smooth use of the Service.

3. In any of the following cases, the Company may provide personal information to a third party without the User's consent:

1) If it is information necessary for preparing statistics, scientific research, preservation of public record, etc. in pseudonymous form containing no information that can be used to identify a specific individual;

2) If there is an inevitable reason required by the statutory provisions or law;

3) If it is requested by an investigation agency for the purpose of investigation in compliance with the procedures and methods prescribed by laws and regulations;

4) If it falls under Article 17 or 18 of the Personal Information Protection Act.

1. In its endeavor to provide enhanced Services, the Company may entrust the processing of personal information to a third party. The Company has established rules on necessary matters in compliance with applicable laws to ensure that personal information can be safely managed when entering into an entrustment contract. In addition, when entrusting the processing of personal information, the Company discloses the details of the entrusted subjects and the person who handles by such entrustment (hereinafter referred to as the 'Trustee’) so that Users can readily view them at any time. The same will apply when the contents of the entrusted work are updated or the Trustee is changed.

2. The details of entrusted work for personal information processing and domestic Trustees are as set forth below:

3. The Company transfers personal information overseas with a view to imparting to Users the stability of Service provision and the latest technology, and stores personal information acquired or created from Users in the database held by AWS (Amazon Web Services Inc.) (Singapore is the location for physical storage). AWS only conducts physical management of the server and cannot access the User's personal information.

1. Once the period of retention and use of personal information has elapsed, the Company destroys Users' personal information without delay.

2. Information that must be retained in accordance with the following related laws and regulations will be retained for the period specified in the statutes before being destroyed.

3. If a Member does not have a record of activities to use the Service for one year, the Company treats him/her as a dormant Member and, after serving a notification to the Member, immediately destroys his/her personal information in compliance with Article 39-6 of the Personal Information Protection Act.

4. The Company destroys personal information in the following methods to assure protection of personal information and prevention of damage caused by personal information leakage.

1) Personal information printed on paper is destroyed through shredding or incineration.

2) Personal information stored in the form of an electronic file is deleted using a technical method that does not allow reproduction of the record.

1. Every User has right to view and/or modify his/her registered personal information at any time and to request for cancellation (withdrawal) of his/her Membership if he/she is a Member. However, the Company may refuse the request for viewing, modification, or cancellation of Membership subscription if there is a legitimate public interest to do so, as exemplified below. In case of refusal, the Company will within 10 days send e-mail notification to the information owner explaining the reason for such refusal as well as advising on how to appeal.

- If viewing is prohibited or restricted by law

2. Once a User requests correction of errors in his/her personal information, that personal information will not be used or provided until the correction is completed. If the incorrect personal information has already been provided to a third party, the result of the correction will be notified to the third party.

3. The Company handles the personal information that has been canceled or deleted at the request of the User in accordance with this Guideline for Processing Personal Information and ensures that such personal information will not be viewed or used for any other purpose.

Acknowledging the value of Users' personal information, the Company makes the following endeavors in handling personal information.

① Establishment of internal management plan

- The Company has established and implemented an internal management plan as a set of standards for safe processing of personal information.

② Minimize the personal information staff

- The Company minimizes the number of employees who process personal information, and the PCs of the employees are so systemized that external Internet network is separated from its intranet to reduce the chance of personal information leakage. In addition, the Company has systematically established access control criteria for databases and personal information processing systems, which are under its continuous monitoring and due diligence.

③ Periodic Education

-We provide periodic education for personal information processors and emphasize the value of personal information by disseminating personal information issues to all employees company-wide.

④ Protection from Hacking or Viruses

- The system is installed in an area where access is controlled from outside to protect personal information from leakage or damage. Furthermore, periodic backups are conducted in preparation for loss of personal information, vaccine programs are used to prevent data leakage and damage.

⑤ Encryption of Personal Information

- An encrypted communication segment is used for transmitting Users’ personal information, and critical information such as password is encrypted using a secure encryption algorithm.

⑥ Physical Control

-Systems related to personal information processing are located in the off-limit area where access is controlled. Documents and auxiliary storage media containing personal information are stored in a secure place where locking devices are installed.

1. The personal information protection officer is the one tasked with protecting Users' personal information and preventing information leakage, who helps Users to use the Services provided by the Company with confidence, and bears responsibility for any deviation from the Company’s advisory to Users in protecting the personal information; except for damage or loss of information arising due to unexpected accidents such as natural disasters notwithstanding the Company having taken measures to secure the safety adequately, as well as various disputes caused by information provided by Users to the Company.

2. The Company hereby appoints personal information protection officer in accordance with the Personal Information Protection Act, as follows:

[Personal Information Protection Officer and Department in Charge]

A. Visang Education Co.,Ltd. appoints a personal information protection officer and operates a department in charge to take the general responsibility for handling Users’ personal information as well as resolving Users' inquiries and complaints.

B. Users may direct all inquiries related to personal information protection, complaint, and claim for damage, etc. that arise while using Visang Education’s Service to the personal information protection officer and the department in charge.

3. In relation to infringement of personal information, the information owner may inquire about remedies from damage and consulting to the following authorities. <The following authorities are independent units from the Company, so contact us if more information is needed.>

For EEA members, contact information for data protection authorities can be found at the link below

* https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

Any addition, deletion or modification of the contents of this Privacy Policy will be notified through the Service notification at least seven days in advance, or immediately if any prior notice is difficult.

This Guideline for Processing Personal Information comes into force on October 15, 2021 and onward.

American Learning Lab (called ALAB) built the apps as FREE apps. This SERVICE is provided by ALAB at no cost and is intended for use as is.

This page is used to inform visitors regarding our policies with the collection, use, and disclosure of Personal Information if anyone decided to use our Service.

If you choose to use our Service, then you agree to the collection and use of information in relation to this policy. The Personal Information that we collect is used for providing and improving the Service. We will not use or share your information with anyone except as described in this Privacy Policy.

The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, which is accessible at ALAB apps unless otherwise defined in this Privacy Policy.

For a better experience, while using our Service, we may require you to provide us with certain personally identifiable information, including but not limited to ALAB. The information that we request will be retained on your devices and not collect by us AND/OR retained by us and used as described in this privacy policy.

The app does use third party services that may collect information used to identify you.

Link to privacy policy of third-party service providers used by the app

• Google Play Services
• Google Analytics for Firebase

We want to inform you that whenever you use our Service, in a case of an error in the app we collect data and information (through third party products) on your phone called Log Data. This Log Data may include information such as your device Internet Protocol (“IP”) address, device name, operating system version, the configuration of the app when utilizing our Service, the time and date of your use of the Service, and other statistics.

Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device’s internal memory.

This Service does not use these “cookies” explicitly. However, the app may use third party code and libraries that use “cookies” to collect information and improve their services. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your device. If you choose to refuse our cookies, you may not be able to use some portions of this Service.

We may employ third-party companies and individuals due to the following reasons:

• To facilitate our Service;
• To provide the Service on our behalf;
• To perform Service-related services; or
• To assist us in analyzing how our Service is used.

We want to inform users of this Service that these third parties have access to your Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.

We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.

This Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

We may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page.

This policy is effective as of 2022-04-12

If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact us at developer@americanlearninglab.edu.vn.