Logo FireGroup
All Jobs
PERSONAL DATA PRIVACY POLICY
Back to home
Contents hide
1. Purpose of this Poilcy
2. Definitions
3. Scope of application and data subjects
4. Data controller and data processor:
5. Purposes of personal data processing
6. Categories of personal data collected and processed
7. Legal basis and consent:
8. Storage, sharing and transfer of personal data
9. Data retention
10. Rights and obligations of the data subject
11. Security measures
12. Effective date
How can you reach us?

This personal data privacy policy provides information on how FireGroup Technology (FireApps Technology Joint Stock Company or “FireApps” or the “Company”) processes personal information that it receives when you apply for a position, refer a Candidate, or are being considered for a role at FireGroup.

This policy is established in accordance with the following applicable legal instruments and internal operational needs:

  • Law on Personal Data Protection No. 91/2025/QH15 dated 26 June 2025;
  • Labour Code No. 45/2019/QH14 dated 20 November 2019;
  • Decree No. 13/2023/ND-CP dated 17 April 2023 of the Government on personal data protection; and
  • The Company’s recruitment and human resources management needs.

1. Purpose of this Poilcy

For the purpose of strengthening information security, protecting the lawful rights and interests of data subjects, and ensuring compliance with applicable personal data protection regulations, FireApps Technology Joint Stock Company hereby issues and implements the “Personal Data Collection, Processing and Protection Policy” (the “Policy”).

This Policy applies to internal employees and Candidates participating in recruitment activities at the Company.

2. Definitions

  • “Personal Data”: information in the form of symbols, letters, numbers, images, sounds or similar forms that is associated with, or helps identify, a specific individual.
  • “Processing of Personal Data”: one or more operations performed on personal data, including collection, recording, storage, modification, extraction, use, sharing, disclosure, transfer, deletion, or destruction of personal data.

3. Scope of application and data subjects

This Policy applies to the following individuals (collectively referred to as “you” or the “Data Subject”):

  • Employees: Individuals working at the Company under any form of employment relationship, including but not limited to permanent employees, probationary employees, interns and collaborators (if any).
  • Candidates: Individuals who submit applications and/or personal information to participate in the Company’s recruitment process, or who are contacted by the Company for recruitment purposes via recruitment channels, the Company’s website, email, recruitment platforms, recruitment partners and other lawful sources.

4. Data controller and data processor:

FireApps Technology Joint Stock Company is the personal data controller and personal data processor in accordance with applicable law.

The Company may engage and/or authorize internal units and third parties (including, but not limited to, ATS/HRIS platforms, data storage systems and recruitment service providers) to process personal data on the basis of lawful contracts or authorizations and subject to appropriate confidentiality and data protection obligations.

5. Purposes of personal data processing

Depending on your status as an Employee or a Candidate, the Company processes your personal data for the following purposes:

  • Receiving, reviewing, evaluating and contacting Candidates; arranging interviews and assessments; notifying recruitment results; and retaining Candidate profiles for future suitable positions (if any);
  • Entering into, performing and managing employment relationships; managing personnel records, payroll, bonuses, benefits, insurance, tax matters, training, performance evaluation, labor discipline (if any), asset management and other lawful internal administrative activities;
  • Performing reporting, statistics, internal audits, handling complaints and enquiries, fraud prevention, system security assurance and compliance with legal obligations; and
  • Other lawful purposes serving the Company’s recruitment and human resources management activities in accordance with applicable law.

6. Categories of personal data collected and processed

The personal data that the Company may collect and process includes, without limitation:

  • Identification information: full name, date of birth, gender, personal image, national ID card/citizen ID/passport number, nationality (if any);
  • Contact information: telephone number, email address and contact address;
  • Recruitment and professional information: CV, education background, work experience, skills, certificates, portfolio, reference letters (if any), expected salary, interview and assessment results;
  • Human resources management information (for Employees): employment contracts and appendices, salary, bonus and benefits information, social insurance, health insurance and unemployment insurance information, personal income tax information, dependent information (if any), training records, performance evaluation records, work-related information and other data generated during the course of employment for legitimate management purposes.

Where the processing of sensitive personal data is required under applicable law (if any), the Company will notify you and obtain your separate consent prior to such processing in accordance with legal requirements.

7. Legal basis and consent:

  • The processing of your personal data is carried out based on your voluntary and explicit consent and/or other lawful grounds as prescribed by applicable law (where applicable).
  • Your signing of the personal data collection, processing and protection acknowledgement or your electronic confirmation (for example, selecting “Agree” on an electronic form) shall be deemed as your lawful consent for the Company to process your personal data in accordance with this Policy.

8. Storage, sharing and transfer of personal data

  • Personal data is stored on the Company’s systems and/or the systems of authorized partners and service providers and is protected by appropriate security measures.
  • Personal data may be shared internally within the Company on a need-to-know basis in order to fulfil the purposes set out in Section 5 of this Policy.
  • Personal data may be shared with partners and service providers under lawful authorizations or contracts for recruitment, human resources management, system operation and
  • legal compliance purposes, subject to corresponding confidentiality and data protection requirements.
  • Personal data may be disclosed to competent state authorities or other parties where required or permitted by applicable law.

9. Data retention

  • For Employees: personal data is retained in accordance with statutory retention periods applicable to employment records, accounting, tax and insurance documents and other relevant legal requirements, or in accordance with the Company’s lawful internal regulations.
  • For Candidates: personal data is retained for a maximum period of thirty-six (36) months from the end of the recruitment process, unless you request earlier deletion or unless otherwise required by applicable law.

10. Rights and obligations of the data subject

  • You have the rights prescribed by law, including: the right to be informed; the right to access and provide information; the right to correct and update personal data; the right to delete personal data; the right to request restriction of processing; the right to withdraw your consent; and the right to lodge complaints or denunciations upon discovering violations.
  • The withdrawal of consent or the request for restriction of the processing of personal data must be made in writing, including in electronic form or other verifiable formats, and must be sent to the personal data controller and the personal data controller and processor as specified in this Policy.
  • You have the obligation to provide truthful, accurate and complete information, and to promptly notify the Company of any changes so that the Company may update such information for recruitment and human resources management purposes.
  • Other obligations as prescribed by applicable law.

11. Security measures

The Company implements appropriate technical, administrative and organizational measures to protect personal data against unauthorized access, use, disclosure, alteration or destruction.

However, the transmission of data over the Internet may involve certain inherent risks. The Company will apply reasonable safeguards within its control.

12. Effective date

This Policy takes effect on 01 January 2026 and applies consistently to Employees and Candidates as specified in this Policy.

How can you reach us?

If you would like to ask about, make a request relating to, or complain about how we process your personal information, please contact FireGroup via email [email protected]

We will process your request in accordance with the provisions of this Policy and our internal procedures at the time being, in accordance with applicable law.