Skip to Content

Data Protection

Privacy Policy

The protection of personal data is of particular importance to us. We process personal data confidentially, responsibly, and in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), relevant U.S. privacy regulations, and Vietnamese data protection law.

This Privacy Policy explains how we collect, use, store, and protect personal data when you visit or use our website and services.

I. Data Controller

This website and related services are operated by:

Sub Solutions Co., Ltd

Registered address: 223 Đinh Bo Linh, Binh Thanh Ward, Ho Chi Minh City, Vietnam

Country of establishment: Socialist Republic of Vietnam

For users located in the European Union (including Germany) and the United States, Sub Solutions Co., Ltd acts as the data controller within the meaning of applicable data protection laws.

EU Representative (Article 27 GDPR)

As required under Article 27 GDPR, we have appointed an EU representative:

EU Representative: Maptara GmbH

Address: Gehrnstrasse 5, 35630, Ehringshause, Hessen (DE), Germany

Email: [email protected]

Data Protection Contact

We have not appointed a Data Protection Officer (DPO), as the statutory requirements for mandatory appointment are not met.

For all questions regarding data protection, please contact:

📧 [email protected]

II. Applicable Legal Frameworks

We process personal data in accordance with:

  • EU / Germany

    • General Data Protection Regulation (GDPR)

    • German Federal Data Protection Act (BDSG)

  • United States

    • Applicable U.S. federal and state privacy laws (including, where applicable, CCPA/CPRA)

    • Industry-standard data protection and security practices

  • Vietnam

    • Decree No. 13/2023/ND-CP on the Protection of Personal Data

    • Law on Cybersecurity (2018)

    • Relevant implementing regulations

III. Categories of Data, Purposes, and Retention

1. Website Access and Server Logs

When accessing our website, the following technical data is processed:

  • Date and time of access

  • IP address

  • Requested page

  • Referrer URL

  • Browser type and version

  • Operating system

  • Loading times and interaction data

Purpose:

  • Website operation and security

  • Prevention of misuse and cyberattacks

  • Technical optimization

Legal basis:

  • Legitimate interest (Art. 6(1)(f) GDPR)

  • Lawful processing under Decree 13/2023/ND-CP

Retention:

  • Stored for up to 30 days, unless required longer for security investigations.

2. Data Submitted via Forms

When you submit forms, we may process:

  • Name

  • Email address

  • Telephone number

  • Business-related information provided voluntarily

Purpose:

  • Responding to inquiries

  • Contract initiation or execution

  • Business communication

Legal basis:

  • Contract performance / pre-contractual measures (Art. 6(1)(b) GDPR)

  • Consent (Art. 6(1)(a) GDPR)

  • Lawful purpose under Vietnamese law

Retention:

  • Duration of the business relationship

  • Afterwards, in accordance with statutory retention obligations

3. Appointment Scheduling

When booking appointments, we process:

  • Contact details

  • Appointment information

  • Assigned personnel

  • Optional notes

Purpose:

  • Scheduling and service delivery

Retention:

  • During the active relationship

  • Afterwards, for a limited period unless legally required otherwise

4. Email Communication and Marketing

If you subscribe to emails or newsletters, we process:

  • Name

  • Email address

Purpose:

  • Marketing and informational communication

Legal basis:

  • Consent (Art. 6(1)(a) GDPR)

  • Opt-in standards applicable under U.S. law

You may withdraw consent at any time by:

IV. Data Recipients and Service Providers

We use selected service providers who process data on our behalf under contractual safeguards:

  • xSUB.APP – Software platform

  • Google – Analytics, security, calendar services

  • Meta Platforms Inc. – Marketing and tracking

  • Stripe Inc. – Payment processing

Payment providers process personal data under their own responsibility according to their privacy policies.

International Data Transfers

Personal data may be transferred to:

  • Vietnam

  • United States

  • Other third countries

Safeguards include:

  • EU Standard Contractual Clauses (SCCs)

  • Adequacy decisions (where applicable)

  • Contractual and technical security measures

V. Rights of Data Subjects
EU / German Users (GDPR)

You have the right to:

  • Access (Art. 15 GDPR)

  • Rectification (Art. 16 GDPR)

  • Erasure (Art. 17 GDPR)

  • Restriction of processing (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR)

  • Objection (Art. 21 GDPR)

  • Lodge a complaint with a supervisory authority (Art. 77 GDPR)

U.S. Users

Depending on your state of residence, you may have rights to:

  • Access personal data

  • Request deletion

  • Correct inaccurate data

  • Opt-out of certain data uses

Requests can be sent to [email protected]

Vietnamese Users

Under Decree 13/2023/ND-CP, data subjects have the right to:

  • Be informed about processing

  • Give and withdraw consent

  • Access, correct, and delete personal data

  • Request restriction of processing

  • File complaints with competent authorities

VI. Data Security Measures

We implement appropriate technical and organizational measures including:

  • Access controls

  • Encryption

  • Secure hosting environments

  • Regular security reviews

Despite these measures, no internet transmission can be guaranteed to be fully secure.

VII. Cookies

We use cookies for:

  • Essential website functionality

  • User preferences

  • Analytics

  • Marketing (where consent is given)

You may disable cookies via your browser settings. Some features may become unavailable.

VIII. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy to reflect legal, technical, or organizational changes.

The version published on our website is always the most current.