RECTIFICATION OF PERSONAL DATA CASES

1. Legal basis

• Decree No. 13/2023/ND - CP on protection of personal data

2. Overview of personal data

Clause 1, Article 2 of Decree No. 13/2023/ND - CP clearly defines the concept of personal data as follows: “Personal data” refers to electronic information in the form of symbols, letters, numbers, images, sounds, or equivalences associated with an individual or used to identify an individual. The personal data includes general personal data and sensitive personal data. In which, basic personal data is defined under Article 2, Clause 3 of Decree No. 13/2023/ND - CP, including:

• Last name, middle name and first name, other names (if any);
• Date of birth; date of death or going missing;
• Gender;
• Place of birth, registered place of birth; place of permanent residence; place of temporary residence; current place of residence; hometown; contact address;
• Nationality;
• Personal image;
• Phone number; ID Card number, personal identification number, passport number, driver’s license number, license plate, taxpayer identification number, social security number and health insurance card number;
• Marital status;
• Information about the individual’s family relationship (parents, children);
• Digital account information; personal data that reflects activities and activity history in cyberspace;
• Information associated with an individual or used to identify an individual other than that specified in Clause 4 of this Article.

Furthermore, sensitive personal data is personal data in association with individual privacy which, when being infringed, will directly affect an individual's legal rights and interests, including:

• Political and religious opinions;
• Health condition and personal information stated in health record, excluding information on blood group;
• Information about racial or ethnic origin;
• Information about genetic data related to an individual's inherited or acquired genetic characteristics;
• Information about an individual’s own biometric or biological characteristics;
• Information about an individual’s sex life or sexual orientation.
• Data on crimes and criminal activities collected and stored by law enforcement agencies;
• Information on customers of credit institutions, foreign bank branches, payment service providers and other licensed institutions, including: customer identification as prescribed by law, accounts, deposits, deposited assets, transactions, organizations and individuals that are guarantors at credit institutions, bank branches, and payment service providers;
• Personal location identified via location services;
• Other specific personal data as prescribed by law that requires special protection.

3. Rectification of personal data cases

Article 15 of Decree No. 13/2023/ND - CP specifies the issue of rectifying personal data as follows:

Firstly, the data subject is the entity with the right to rectify personal data. He/she can Access his/her personal data in order to view and rectify it after the Personal Data Controller and the Personal Data Controller-cum-Processor collects the data under his/her consent, unless otherwise provided for by law. In case he/she cannot directly rectify his/her personal data due to technical reason or other reasons, he/she can request the Personal Data Controller and the Personal Data Controller-cum-Processor to rectify his/her personal data. The Personal Data Controller and the Personal Data Controller-cum-Processor shall rectify personal data of the data subject after obtaining his/her consent when possible or according to regulations of specialized law. In case it is impossible to rectify personal data, the Personal Data Controller and the Personal Data Controller-cum-Processor shall notify the data subject after 72 hours from the time of receipt of his/her request.

Moreover, according to clause 3 of Article 15 of this Decree, the Personal Data Processor and the Third Party may rectify the personal data of the data subject after the Personal Data Controller and the Controller and the Personal Data Processor consent in writing and obtain consent from the data subject.

----------

For more information, please contact:

Hoang Pham (James) / Managing Partner at: hoang.pham@vselawyers.com

© 2023 VSE LAWYERS LIMITED LIABILITY LAW COMPANY – All rights reserved.

Attention: This legal update is not an advice and should not be treated as such.