Parkchung Privacy Policy

1. Principles & Applicable Law

  1. We process personal data of users (including Drivers, Suppliers, and other users of the Service) in compliance with Vietnam's personal data protection regulations, including Decree 13/2023/ND-CP ("PDPD"), and other applicable laws and guidance.
  2. We follow core data protection principles such as purpose limitation, data minimisation, accuracy, storage limitation, security, and transparency, and we process data only to the extent necessary for operating the Service.

2. Data We Collect

We may collect and process the following categories of data, limited to what is necessary for the stated purposes.

1. Account Data (primarily Drivers and Suppliers)

  • Name, phone number, email address
  • Login ID, password
  • Language preferences, notification settings, and other account configurations

2. KYC and Payment Data (primarily Suppliers)

  • ID information (name, address, date of birth, ID number, etc.)
  • Bank account details and payment account information
  • Documents evidencing rights to operate parking spaces (ownership, lease, management agreements, etc.)
  • Information required for invoicing (company name, tax code, registered address, etc.)

3. Booking, Payment, and Settlement Data

  • Booking ID, date/time, parking location, start/end time, vehicle details
  • Online payment details: amounts, methods, statuses, refunds, chargebacks
  • Reported cash/onsite sales for Pay-at-Location transactions, sales summaries and details used for Margin settlement with Suppliers

4. Technical and Log Data

  • Device information, browser and OS details, IP address
  • Access logs, error logs, and usage logs
  • Identifiers and browsing data obtained through cookies, SDKs, pixels, and similar technologies

5. Support and Communication Data

  • Contents of inquiries and support requests
  • Records of complaints and dispute handling (summaries of calls, chats, emails, etc.)

6. Parking Information from Public Sources

  • Publicly available parking information (name, address, phone number, website, opening hours, fees, etc.)
  • Publicly available contact details of parking operators or contact persons (e.g., name, email, phone number as disclosed on business websites or social media profiles)
  • To the extent such information relates to an identifiable individual, we treat it as personal data and process it in accordance with this Policy and the PDPD.

3. Legal Bases & Purposes

1. We use personal data for the following purposes:

  • Service Operation
    • Displaying parking information and providing search functionality
    • Enabling online booking and sending booking confirmations
    • Enabling online payment and performing monthly or periodic settlements
    • Creating and managing user accounts and performing authentication
  • Supplier Payouts, Accounting, Tax, and Audit
    • Settling Margins based on online and onsite (cash) transactions
    • Maintaining records for bookkeeping, tax filings, and audits
  • Identity Verification, Fraud Prevention, and Security
    • KYC and preventing impersonation
    • Preventing payment fraud and handling chargebacks
    • Monitoring systems, analysing access logs, and responding to incidents
  • Customer Support, Complaints, and Dispute Resolution
    • Handling inquiries and troubleshooting
    • Managing complaints and disputes in line with our Terms of Service and Dispute Resolution Policy
  • Service Improvement, Analytics, and Product Development
    • Analysing usage patterns, improving UI/UX, and developing new features
    • Primarily using anonymised or aggregated data; where personal data is used, we rely on an appropriate legal basis such as consent or legitimate interests, as permitted by law
  • Marketing, Advertising, and Measurement
    • Sending information about our services, promotions, and campaigns
    • Measuring advertising performance, attribution by channel, and anti-fraud measures
    • Where required by law, we obtain prior consent and provide opt-out mechanisms
  • Legal Compliance and Protection of Rights
    • Complying with legal and regulatory obligations and responding to lawful requests
    • Protecting the rights, property, and safety of the Company, users, and third parties

2. The main legal bases on which we process personal data include:

  • Performance or preparation of contracts with Drivers and Suppliers (e.g., to provide the Service and handle bookings and settlements);
  • Users' consent, particularly for marketing, certain analytics, and cross-border transfers where required;
  • Compliance with legal obligations (e.g., tax, accounting, regulatory reporting);
  • Protection of vital interests of users or third parties;
  • The Company's legitimate interests, such as operating a safe and efficient marketplace, preventing fraud, and improving the Service, where such interests are balanced against users' rights and freedoms in accordance with the PDPD.

4. Sharing and Processors

  1. We may share or entrust personal data to third parties on a need-to-know basis under appropriate data processing agreements that include purpose limitation, security measures, sub-processor controls, and audit rights. These third parties include:
    1. 1. Payment, Financial, and KYC Providers: payment processing, chargeback handling, identity verification;
    2. 2. IT and Cloud Providers: system development and maintenance, hosting, backup, monitoring, logging, analytics;
    3. 3. Marketing and Channel Partners: referrals and acquisition, joint campaigns, attribution and fraud detection, coordinated customer support;
    4. 4. Professional Advisors and Authorities: lawyers, accountants, auditors, and public authorities where disclosure is required by law.

5. Cookies, SDKs, and Pixels

  1. We use cookies, SDKs, pixels, and similar technologies for convenience, fraud prevention, analytics, and advertising/measurement purposes.
  2. You may disable cookies through your browser or device settings; however, some features of the Service may not function properly if cookies are disabled.
  3. Where required by law, we will obtain consent for the use of such technologies and provide mechanisms for managing preferences and opting out.

6. Cross-Border Transfers

  1. We may transfer personal data to, or store and process personal data in, countries outside Vietnam, for example where our cloud providers or group entities are located.
  2. Where we conduct cross-border transfers, we will comply with the PDPD, including, as applicable:
  • preparing and maintaining data transfer impact assessments;
  • obtaining appropriate consents from data subjects; and
  • implementing contractual safeguards with recipients to ensure adequate protection of personal data.

7. Retention

  1. We retain personal data only for as long as necessary to fulfil the purposes described above or as required by applicable laws (e.g., tax and accounting retention requirements).
  2. When personal data is no longer needed, we will delete or anonymise it using appropriate and secure methods.

8. Data Subject Rights

1. Under the PDPD and other applicable laws, you may have the following rights:

  • the right to be informed;
  • the right of access;
  • the right to rectification and update;
  • the right to deletion;
  • the right to restriction or suspension of processing (which we will implement, in principle, within 72 hours);
  • the right to request provision or portability of data where applicable;
  • the right to object to processing;
  • the right to withdraw consent (without affecting the lawfulness of processing before the withdrawal);
  • the right to complain, denounce, litigate, claim damages, and otherwise protect your legitimate rights and interests.

2. To exercise these rights, please contact us using the details in Clause 11. We will respond in accordance with applicable laws within a reasonable timeframe.

9. Children's Data

  1. Our Service is generally intended for adult users; however, where we process children's personal data, we will apply enhanced safeguards in accordance with the PDPD.
  2. Under Vietnamese law, for children aged 7 or older, processing personal data may require consent from both the child and their parent/guardian.

10. Security Measures

We implement organisational, technical, and physical safeguards to protect personal data against unauthorised access, loss, destruction, alteration, or disclosure, including:

  • access control based on the principle of least privilege;
  • encryption of communications and databases where appropriate;
  • logging and audit trails, vulnerability management;
  • employee and contractor training and confidentiality obligations;
  • incident reporting, remediation, and prevention procedures.

11. Data Protection Officer (DPO) / Contact

  1. We have appointed a Data Protection Officer (or equivalent responsible department) to oversee compliance with data protection laws.
  2. For any questions about this Policy or to exercise your rights, please contact:

Email: contact@parkchung.com (attn: DPO / Data Protection Team)

12. Changes & Language

  1. We may update this Policy from time to time. Material changes will be communicated in a reasonable manner, and, unless otherwise specified, will take effect upon posting on our website.
  2. This Policy is prepared in Japanese, English, and Vietnamese. In case of any discrepancy among versions, the Vietnamese version shall prevail.
  3. Nothing in this Policy limits any mandatory rights of users under Vietnamese consumer protection or data protection laws.