MEMBERSHIP PRIVACY POLICY

THIS PRIVACY POLICY IS INTENDED TO ENSURE THE SECURITY OF PERSONAL INFORMATION OF REGISTRANTS AND USERS OF LS.POINT – THE APP JOINTLY MANAGED BY LOTTE SHOPPING PLAZA VIETNAM CO., LTD (“LSPV”) AND LOTTE PROPERTIES HANOI CO., LTD (“LPH”).

This privacy policy ("Privacy Policy") describes how LSPV and LPH process personal data by collection, recording, analysis, confirmation, storage, rectification, disclosure, combination, access, traceability, retrieval, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, destruction or other relevant activities related to managing your personal information (if any) during your shopping, use of websites/applications, products and services, and registering for the Lotte Shopping Vietnam Membership Program – Membership Program or Program (collectively referred to as "Services"). This Privacy Policy is intended to help you understand how we may process your personal data, our efforts to protect your data, and your rights in controlling your personal data and protecting your privacy. We respect your privacy and highly value your trust in the purposes for which we will process your personal data.

This Privacy Policy does not apply to any Services, products, websites, or content that are offered by third parties and/or governed by their own privacy policy. LS.POINT application ("APP") may contain links to third-party websites, apps and online Services that are not owned or controlled by LSPV and/or LPH, hence LSPV and/or LPH assume no responsibility for those third-party websites, apps, and online Services,...

By visiting, registering the APP, and/or using our Services, you agree to all the terms of this Privacy Policy. This Privacy Policy may be changed by LSPV and LPH from time to time. Members of Program ("Members") should regularly review this Privacy Policy to stay informed of any potential changes. By continuing to maintain and use the Member Account (as defined in the Membership Policy – Terms and Conditions) after any changes are posted, Members are deemed to have agreed to such changes.

ARTICLE 1: COLLECTION OF PERSONAL INFORMATION

During the use of our Services, IP addresses, cookies, device type, operating system, login device history, records on Services use, visit history, transaction data including point accumulation history, point usage, and point deductions due to expiration or other reasons in accordance with the Membership Policy, as well asother relevant actions may be automatically generated and collected.

In order for Membership Program registration, we collect the necessary and basic personal information from you through our APP, website, or paper forms when customers sign up for the Membership Program, or use our Services. Customers under the age of 15 are not eligible to register for Membership.

For non-registered or ineligible customers: You have the right to access and view public content related to our events, programs, and notices.

For customers with a membership: You have the right to use personalized Services or exclusive Member Services including: point accumulation, point redemption, and discounts for Members. We need to collect basic personal information to provide our Services.

The personal information we collect from Members at the time they sign up for membership shall include, but not limited to:

Basic data:

Full name as stated on valid personal identification documents, date of birth, gender, nationality, Citizen ID card/Passport number.
Mobile phone number, email address, and contact address (including Members who have agreed and not agreed to receive information through these addresses). Password and L.POINT Card information (to convert data from the old system L.POINT).
Other information arising during the use of the Membership card and other channels of the Program.

Other data (customers have the right to refuse to provide):

Income.
Occupation, marital status.
Number of children, age of children (if any).
Car information, car license plate, Golf membership (if any).

Calls, messages, and/or other forms of communications from and/or to us will be stored in formats including but not limited to audio, video, and automatic or manual recordings, to assist in processing requests, updating information systems, improving the quality of the Services and other lawful purposes.

The methods we use to collect personal information are as follows:

Collecting information directly entered by Members who consent to provide personal information when signing up for Membership or using our Services.
Personal information lawfully provided by our Service providers or partner who have entered into strategic cooperation agreements or partnership contracts with us, with the permission of the data subject.
Collecting information via websites, APP pages, fax, phone, etc during Services consultation.
Collecting information from participants in online and offline promotional events, etc.
Collecting information on payments and transactions of points, etc. generated during the use of Services.
Conducting surveys, investigations, etc
Other legal methods.

When collecting personal information, we shall inform customers, at the time of collection, about “the personal data items to be collected”, “the purpose of collecting and using the personal information”, and “the right to refuse to provide personal information and the disadvantages associated with the refusal” and obtain consent.

Members are responsible for ensuring that the information provided is complete, accurate, and up-to-date to safeguard the interests of Members in accordance with the use of the corresponding Services. LSPV and/or LPH are not obligated to verify the information of customers during the collection process. In case a Member provides inaccurate or incomplete information, LSPV and LPH reserve the right to take appropriate measures, including suspension of the Services and shall not be held responsible for any loss of Member’s benefits.

ARTICLE 2: SCOPE AND PURPOSE OF PERSONAL DATA USE

We use the basic personal information for these purposes:

Creation of a Membership Account.
Personal identification for verifying the intention to sign up for membership, confirming identity and age, preventing the abuse of Member benefits and performing other related actions to ensure the implementation of Member Policies.
Provision of Services (including interactions on the APP), handling inquiries or complaints, and delivering notifications.
Personal identification for purchases and payments, and products and Services delivery required for the provision of paid Services.
Sending notices to Members, including but not limited to notices about our policies, regulations, and changes; updates our policies and regulations; notices and updates on security, accounts and membership cards.
Display of the LS.POINT accumulation barcode on the Google Wallet platform in accordance with the Member’s integration and usage requirements.
Verification of the Member’s payment transactions during the use of the Services.
For advertising, marketing and promotional purposes, specifically:
- Content: Provide information about events, participation opportunities and promotional information.
- Method: Via text message, call, email provided by Members.
- Frequency: No more than 03 promotional messages to a phone number, 03 promotional emails to an email address, 01 promotional phone call to a phone number within 24 hours, within the time frame specified regulations.
Members here agree to receive advertising and promotional information until Members cancel receiving the notices, specifically:
- In case the Member does not want to receive promotional information via text message, the Member please text according to the syntax instructed in the promotional message.
- In case Members do not want to receive advertising information via calls, Members please register on the "No Advertising List" through the following methods: (1) text message with the syntax DK DNC send to 5656; (2) visiting website khongquangcao.ais.gov.vn. The phone numbers on the "No advertising list" will not receive advertising messages and calls. Under this approach, the Member shall not receive any promotional calls from any third party.
- In case Members do not want to receive promotional emails, please click "Unsubscribe" according to the instructions in the promotional email.
- Members may also request to OTP-out of receiving promotional information by contacting us using the contact information at the end of this Privacy Policy.
- To search agreements regarding registration, opting out of receiving promotional messages, promotional emails, promotional calls, Members can contact us using the contact information at the end of this Privacy Policy or visit our websites (https://lotteshopping.com.vn/ and https://lottemallwestlakehanoi.vn/).
For Services improvement, We will collect some information such as Service usage history, access frequency, Service usage statistics and customer satisfaction.
Prevention and sanctions against activities that interfere with the smooth operation of the Services (including theft and fraudulent use of the account).
Other purposes in accordance with the laws of Vietnam.

Undesirable consequences and unintended damages that may occur related to the provision and use of personal information:

Customers providing incorrect information may lead to unable to verify the authenticity of the Member Account in case of point data errors, handling complaints, disputes or gift receipt verifications, etc.
System breaches or cyberattacks, causing loss of customer information, points deduction and system disruptions.

The processing of personal information starts when the customer signs up for the Membership Program, or uses our Services, and concludess in accordance with Article 5 of this Privacy Policy.

ARTICLE 3: PROVISION AND CONSIGNMENT OF PERSONAL INFORMATION

The Member has consented to the provision of personal information for the purpose of using the Services at Lotte Department Store and Lotte Mall West Lake Hanoi, partner companies, etc., this means the Member consents to their personal information being shared with third parties, including:

Third parties, including but not limited to affiliates, service providers in Vietnam and abroad, as well as strategic partners of Lotte Department Store and/or Lotte Mall West Lake Hanoi, in cases where Member benefits have been communicated to customers and the sharing of information is necessary to ensure those benefits. Information sharing is conducted on a limited basis and serves purposes such as providing services , offers, and related programs; sending postal mail/packages, messages, and email; removing repetitive information from customer records, analyzing data, providing marketing, advertising and promotion assistance delivery or returns of products; processing or refunding payments, and providing customer service.

In order to provide better Services quality for information system operation and management, the APP uses some third-party service providers with details as follows:

No.	Provider	Service	Duration of personal data sharing
1	Lotte Innovate Vietnam Co., Ltd	Cloud storage service	Upon membership withdrawal or service providing agreement termination
		Website, APP development
		System operation and maintenance
		Marketing Email Service
2	CMC Co., Ltd	OTP SMS
3	NEW POST Express Delivery Joint Stock Company	Postal services
4	VIETTEL POSTAL JOINT STOCK CORPORATION (VIETTEL POST)	Postal services

LSPV and LPH consign some of the necessary tasks to third-party service providers and define/manage/supervise matters that are necessary for us to process personal information securely, in accordance with the relevant laws of Vietnam. If a Member does not use the Services related to the tasks consigned to these third-party service providers, this Member’s personal information will not be provided to them.

Google Wallet Application:

To display and manage the LS.POINT barcode for point accumulation and redemption based on the Member's integration and usage preferences of the Google Wallet application. By integrating Google Wallet with the LS.POINT application, the Member agrees that:

Google Wallet will display the LS.POINT barcode for use in transactions involving point accumulation and redemption.

Google Wallet may apply its own privacy policy, and Members are encouraged to review Google Wallet’s privacy terms to understand their rights and obligations.
Any authorized bank/payment channel that the Member uses to make payments at Lotte Department Store and/or Lotte Mall West Lake Hanoi, upon request for transaction verification either by the bank/payment channel or the Member at a given time. These banks/payment channels may have their own privacy policies, and Members should review the respective privacy terms (if any) to understand their rights and responsibilities.
Competent government authorities upon request and in accordance with applicable laws and regulations.

We are committed to sharing personal data only to the extent necessary, ensuring that all information recipients comply with corresponding data protection standards and applying appropriate technical and organizational measures to safeguard customer data from unauthorized access, use, or disclosure.

Cross-border Transfer of Personal Data: To enable the LS.POINT barcode display service on the Google Wallet application, certain personal data may be transferred abroad, including but not limited to: Member ID, name, and email address. We are committed to:

Applying data protection measures in accordance with Vietnamese;
Ensuring data is transferred through secure and encrypted channels;
Not sharing data with third parties beyond the scope necessary to provide the service
Members have the right to choose whether or not to integrate Google Wallet and may unlink their LS.POINT account from Google Wallet at any time.

ARTICLE 4: USAGE AND SECURITY OF OTP

To ensure information security when customers register as Members use the LS.POINT APP of LSPV and LPH, One-Time Password (OTP) will be used as a method to authenticate customer identity during registering and using APP. The provisions of this article describe the usage, responsibilities, and terms related to OTP.

Purpose of OTP Usage

Membership registration authentication: When a customer wishes to register as a Member, an OTP will be sent via the customer's registered phone number to confirm the customer's identity and personal information.
Password recovery: In case a Member forgets their password and needs to reset it, an OTP will be sent to the member to verify the password recovery request.

OTP Delivery Method

OTP will be sent via SMS to the phone number provided by the customer during the account registration process.

OTP Validity and Expiration

The OTP is valid for 3 minutes from the time it is sent. After this period, the customer must request a new OTP to continue the authentication process.
OTP cannot be reused after it has expired or been successfully used for authentication purposes.
To ensure security and prevent OTP misuse, customers are allowed to request OTPs a maximum of 5 times consecutively in a short period. After 5 consecutive requests, the system will pause OTP issuance for 10 minutes. After this interruption, customers can request OTPs again. However, if they request an OTP consecutively for 5 more times, the interruption will apply again.
If the customer experiences 5 consecutive interruptions (each 10 minutes), the system will permanently lock OTP issuance to the customer. In this case, the customer will not be able to request an OTP and must contact our customer service department for assistance or to restore access.

OTP Security

Customers are responsible for keeping the OTP secure. The OTP and/or the equipment storing OTP must not be shared with the other Third Party.
Any disclosure or misuse of the OTP may result in the loss of account access or potential risks related to the security of personal information.
LSPV and LPH are not responsible for any losses arising from the customer's disclosure or misuse of the OTP.

No Third-Party Interference

OTP information is encrypted when sent to the customer. The OTP sending and receiving process is completely secure, and no party other than the customer and the system of LSPVand LPH has access to the OTP.

Handling Violations Related to OTP

Any misuse of the OTP, sharing it with third parties without permission, or intentionally disrupting the authentication process will be considered a violation of the security policy. Depending on the severity of the violation, the customer may be suspended from their account or be subject to legal action under applicable laws.

Member Obligations

Members are obliged for providing accurate contact information to receive OTPs. If there is a change in phone number, the member must update the information promptly to avoid disruptions during the authentication process (to change phone numbers, refer to Article 11: LDSM-P-011 on Update Member Information in the document “Member Policy 2024 – Terms and Conditions”).
Immediately notifying the customer service department of the following cases: loss, missing phone number from which SMS is received, upon being fraudulent or suspiciously being fraudulent; upon being attacked or suspiciously attacked by hackers related to receiving OTP during using APP.
Members must ensure they check and enter the OTP correctly within its validity period to complete the registration process on the LS.POINT application or to recover their password.

Support Contact

If you encounter any issues related to OTP, please contact our customer service department for prompt support.

By registering as a member of Lotte Department Store and Lotte Mall West Lake Hanoi, customers agree to the security terms related to OTP. This policy may be amended over time to meet new security requirements and will be publicly posted on the LS.POINT APP.

ARTICLE 5: DESTRUCTION AND RETENTION OF PERSONAL INFORMATION

In principle, we shall destroy personal information immediately upon cancellation of Membership at the customer's request, however, personal information and LS.POINT points can be restored if the customer re-registers for the Membership Program within 07 (seven) days from the date of membership cancellation. In the event that separate consent is obtained from the Member for the retention period of personal information, as described in Article 1 (Collection of Personal Information) above, or if we are legally obligated to retain personal information for a certain period, we shall store it securely for the specified duration.

Information that is requested by the law, has to be retained for a certain period and will be destroyed in a manner that does not allow it reproduction or restoration, immediately after the expiration of the period.

We will store the personal information of online Members who have not used the APP’s Services for a period appropriate to the purpose of data processing unless otherwise prescribed by law.

The storage term of personal information (subject to change in accordance with relevant laws) is as follows:

No.	Category	Time	Items
1	Personal Information	2 years	Identification information, withdrawal information
2	Records of electronic financial transactions	5 years	Transaction information
3	Service visit records	2 years	Log, IPs, etc.

ARTICLE 6: RIGHTS AND OBLIGATIONS OF MEMBERS AND HOW TO EXERCISE THEM

At any time, Members can:

View, access, or update and correct their personal information.
Request to suspend or put restrictions on the viewing or processing of personal information, which may be subject to certain conditions as stipulated by the law.
Request the deletion of their personal information or withdraw consent to share personal information by withdrawing Membership.
To exercise these rights, kindly go to the “My Profile” section on the APP or go to Lotte Department Store or Lotte Mall West Lake Hanoi to make a direct request. We may request certain personal information to verify your request.
Members may stop using the Service and delete the LS.POINT barcode from the Google Wallet application at any time. The deletion of the LS.POINT barcode must be performed directly by the Member within the Google Wallet application.

Member’s Obligations Regarding Personal Data Protection:

Members are responsible for protecting their own personal data and have the right to request relevant organizations and individuals to protect their personal data.
Respect and safeguard the personal data of others.
Immediately notify LSPV and/or LPH upon discovering or suspecting any leakage or unauthorized disclosure of personal data through the use of the Service.
Regularly review the privacy policy of the Membership Program via the LS.POINT application or our official websites: (https://lotteshopping.com.vn/ and https://lottemallwestlakehanoi.vn/).
Fulfill other obligations as prescribed by law.

ARTICLE 7: MEASURES TO ENSURE THE SECURITY OF PERSONAL INFORMATION

LSPV and LPH make efforts to securely manage the personal information of Members by following measures:

We establish and implement internal management plans for personal information protection: establish internal management plans for personal information, including matters related to the operation of personal information protection such as appointing a privacy officer, etc., and conducting annual to ensure these internal management plans are properly implemented.
We take access control and access authority restriction measures for personal information. In order to prevent unauthorized access to personal information, we have established and implemented standards for granting, modifying, and canceling. access to personal information handling systems, and we have installed and operated intrusion prevention systems and intrusion detection systems. In addition, we reduce the risk of information leaks by separating the external Internet network from the intranet for work PCs used by employees authorized to download personal information.
We take encryption measures to securely store and transmit personal information. Passwords, unique identification information, and Citizen ID/Passport are encrypted and stored as prescribed by laws and regulations. In addition, personal information is securely transmitted and received over network through encrypted communication channels, etc.
Measures are taken to store personal information access records and prevent forgery or alteration. Personal information handlers maintain records of access in the personal information handling system, and the relevant access records are kept securely so that the personal information handlers’ access records are not forged, altered, stolen, or lost.
We install and update security programs for personal information. To prevent damage to personal information, the data is backed up frequently, and the latest antivirus software is used to prevent Members’ personal information or data from being leaked or damaged.
We take physical measures to securely store personal information. To prevent personal information from being leaked or damaged due to attacks, intrusions computer viruses, etc., systems are set up in areas with restricted access from outside, and access control procedures are established and operated.
We shall not be held liable for any loss or leakage of data caused by the Member or any third party.
We shall not be responsible for any technical errors, interruptions, security breaches, or any other issues arising from Google Wallet.

For inquiries, requests, or complaints, please contact:

LSPV: Service Lounge at 024 3333 2514
LPH: Service Lounge at 024 3333 8041