Privacy Policy

Preface:

Welcome to the services provided by “VARplus”! We are VARplus (abbreviated as VAR+) (referring to the VAR+ website and the corresponding services provided by VAR+ to customers, hereinafter referred to as “VAR+” or “we”). We fully understand the importance of personal information to you, and we are firmly committed to protecting the personal information and privacy of users (hereinafter collectively referred to as “users” or “you”) who use VAR+ products and services.

When you use VAR+, we may collect and use your personal information. Through the “VAR+ Privacy Policy” (hereinafter referred to as “this Policy”), we hope to explain to you the relevant matters, including our rules for handling your personal information when collecting and using it, so as to better protect your rights and interests.

Special Reminder:

Before using VAR+, please carefully read (minors must read together with a guardian) and fully understand this Policy (especially the content in bold or underlined) in order to make appropriate choices. By agreeing to this Policy, you agree that we may process your relevant personal information in accordance with this Policy. You should not use VAR+ unless you have read and accepted all the terms of this Policy.

This Policy applies to VAR+. For users under the age of 14, this Policy shall apply together with the “Rules and Information for Guardians on the Protection of Children’s Personal Information of VAR+” (see Appendix 1). In the event of any conflict between this Policy and the “Rules and Information for Guardians on the Protection of Children’s Personal Information of VAR+” or similar provisions in the “VAR+ Terms of Service,” this Policy shall prevail. If any service provided by us does not apply to this Policy, such service will clearly exclude the application of this Policy in an appropriate manner.

After reading this Policy, if you have any questions about this Policy or matters related to it, you may contact us through the feedback channels listed in the section “How to Contact Us” of this Policy, and we will respond to you as soon as possible.

This Policy will help you understand the following:

  1. How we collect and use personal information

  2. How we use cookies or similar technologies

  3. The personal information we may share, transfer, and disclose

  4. How we store and protect personal information

  5. How you can manage your personal information

  6. Third-party services

  7. Protection of minors

  8. Amendments and Notices

I. How We Collect and Use Personal Information

We collect your personal information primarily to make it easier and more satisfying for you and other users to use VAR+. Our goal is to provide all internet users with a safe, enjoyable, and educational online experience. This personal information helps us achieve that goal.

1. How We Collect and Obtain Your Personal Information

1.1. Information you provide. For example:

1.1.1. Information you provide when registering a VAR+ account or using VAR+;
1.1.2. Shared information you provide to third parties through VAR+, and information stored when you use VAR+.

Please note that if you disclose your information in content you upload or post in public areas of VAR+ services visible to other users, or in your responses to content uploaded or posted by others, such information may be collected and used by others. If you become aware that your information has been improperly collected or used by others, you may contact us through the feedback channels listed in the “How to Contact Us” section of this Policy.

1.2. Information shared by third parties.
This refers to information about you provided by third parties when they use VAR+.

1.3. Information obtained by us.
When you use VAR+, we may collect, aggregate, and record information such as log information, location information, and device information.

2. Types of Personal Information We Collect and Use and the Purposes

You understand and agree that we strive to provide you with high-quality products and services. Therefore, we continuously improve our products and services. As we iterate, expand, and upgrade our offerings, we may introduce new services or features, adjust business functions, request the collection of new personal information, or change the purpose or method of using personal information.

If we intend to use your personal information for purposes not specified in this Policy, or collect additional personal information not mentioned herein, we will seek your consent through interface prompts, interactive processes, website notices, or other methods in accordance with applicable laws. During this process, you may contact us through the feedback channels listed in the “How to Contact Us” section, and we will respond as soon as possible.

2.1. Assisting You with Registration and Login

To provide you with continuous and stable services and ensure security while using VAR+, we require basic registration or login information, including your mobile phone number, email address, account name, username, and password.

If you only wish to browse, share, or read football analysis content, you do not need to register or log in, nor provide the above information.

Providing additional information such as your nickname, gender, profile picture, and date of birth can help us offer a better service experience. However, failure to provide such information will not affect your use of the basic functions of VAR+.

2.2. Maintaining the Normal Operation of Basic Functions

When you use our services to browse, share, and read football analysis content, we may collect relevant information to display interfaces more suited to your needs, understand product suitability, identify abnormal account status, and ensure transmission and operational security.

To maintain normal operation of these basic functions, we may directly or indirectly collect, store, and associate information about the services you use and how you use them, including:

(1) Log Information:
When you use our website or services, we automatically collect detailed usage information and store it as relevant logs. For example: login account, filtered content, IP address, browser type, telecom operator, network environment, language used, access date and time, browsing history, and your tracking, favorites, and sharing records.

(2) Device Information:
Based on the permissions you grant during installation and use of the software, we may collect device-related information such as device type, operating system and version, client version, device resolution, device settings, device identifiers (IMEI / AndroidID / IDFA / OpenUDID / GUID / SIM IMSI), package name, hardware and software features, and location information (such as IP address and WLAN access points that may provide location data).

We will request your permission to access device information. This information is collected to provide basic services. If you refuse to grant such permissions, you may not be able to use VAR+ services.

Please note that device information and log information alone cannot identify a specific individual. However, if combined with other information to identify a specific individual, or used together with personal information, such non-personal information will be treated as personal information. Unless otherwise permitted by law or with your consent, we will anonymize and encrypt such information. During combined use, it will be handled and protected as personal information in accordance with this Policy.

2.3. Providing Interactive and Publishing Services

When you use VAR+, upload or post information, or engage in interactive activities (such as posting chat content), we will collect the information you upload, post, or generate, and display it using your nickname, profile picture, and posted content.

Please note that publicly posted information may contain your personal or sensitive information. Please consider carefully before publishing. If the content involves another person’s personal information, you should obtain their consent before posting.

2.4. Customer Service and Other User Feedback Functions

When you contact customer service or use other feedback functions (such as submitting sales or after-sales requests, complaints, suggestions regarding personal information protection, or other customer requests), we may require necessary personal information to verify your identity and ensure account and system security.

We may also retain your contact details (those used when contacting us or voluntarily provided), records and content of communications and calls, and other necessary information related to your request, in order to contact you, resolve issues, or record solutions and outcomes.

2.5. Personal Information Collected Indirectly

Based on the VAR+ services you choose, we may obtain relevant personal information from affiliated companies or authorized third-party partners.

For example, if you log in using a third-party platform account, we will obtain relevant account information authorized by you (such as username, nickname, profile picture—depending on your authorization scope). After you agree to this Privacy Policy, we will link your third-party account with your VAR+ account, allowing direct login via the third-party account.

We collect and use such information in compliance with applicable laws and agreements with affiliates or third parties, and based on the belief that the sources of such information are lawful.

2.6. Providing Security Protection

To enhance service security and protect you, other users, or public property from harm—and to prevent fraud, scams, network vulnerabilities, viruses, cyberattacks, and other security risks—we may collect, use, or integrate your account information, transaction information, device information, log information, and information shared by affiliates or partners (as authorized by you or required by law).

This allows us to assess account and transaction risks, perform identity verification, prevent security incidents, and conduct necessary recordkeeping, auditing, analysis, and handling.

2.7. Device Permission Access

Certain services may require enabling specific device permissions to collect and use related information. For example:

(1) If you grant access to your photo album or camera, you may upload photos or videos (e.g., for profile pictures or submitting evidence to customer service);
(2) If you grant microphone access, you may use voice messaging functions to contact customer service.

Most mobile devices allow you to disable such permissions. Please refer to your device manufacturer or service provider for details. Enabling permissions authorizes us to collect and use relevant information. Disabling permissions withdraws authorization, and we will no longer collect or use related information, nor provide corresponding services. However, disabling permissions does not affect prior information processing based on your previous consent.

2.8. Exceptions to Authorization and Consent

In accordance with applicable laws and regulations, your consent is not required for personal information collection in the following circumstances:

  1. Directly related to national security or defense security;

  2. Directly related to public safety, public health, or major public interests;

  3. Directly related to criminal investigations, prosecutions, trials, and enforcement of judgments;

  4. To protect vital legal rights and interests such as life and property when obtaining consent is difficult;

  5. When the personal information is voluntarily disclosed to the public by you;

  6. Necessary for contract formation and performance upon your request;

  7. Information legally disclosed publicly (e.g., lawful news reports or government disclosures);

  8. Necessary to maintain safe and stable operation of VAR+ (e.g., detecting and handling product or service failures);

  9. Necessary for legitimate news reporting;

  10. Necessary for public-interest statistical or academic research, provided information is de-identified when published;

  11. Other circumstances as stipulated by law.

2.9. Reminder Regarding Sensitive Personal Information

Sensitive personal information refers to personal data that, if leaked, illegally provided, or misused, may endanger personal or property safety, harm reputation, affect physical or mental health, or lead to discrimination.

The personal information you provide or we collect may include sensitive personal information, such as bank account numbers and transaction information. Please exercise caution when providing such information. You agree that we may process your sensitive personal information in accordance with the purposes and methods described in this Privacy Policy.

II. How We Use Cookies or Similar Technologies

We and our third-party partners may collect and use your personal information through cookies or similar technologies and store such information as log data.

By using cookies, we provide users with a simpler and more personalized web experience. A cookie is a small amount of data sent to your browser from a web server and stored on your computer’s hard drive. We use cookies for the benefit of users. For example, to make the login process for VAR+ faster, you may choose to store your username in a cookie. This allows you to log in to VAR+ services more easily and quickly next time. Cookies can also help us identify which pages and content you access, how much time you spend on VAR+, and which services you select.

Cookies enable us to serve you better, faster, and in a more personalized way. However, you can control whether and how your browser accepts cookies. Please refer to your browser’s documentation for more details.

We and our third-party partners may collect and use your personal information through cookies or similar technologies and store such information.

We use our own cookies or similar technologies for the following purposes:

  1. Remembering your identity. For example, cookies or similar technologies help us recognize you as a registered user or store your preferences and other information you provide to us.

  2. Analyzing how you use our services. We may use cookies or similar technologies to understand what activities you engage in on VAR+ and which services are most popular.

You can refuse or manage cookies through your browser settings or user selection mechanisms. However, please note that if you disable cookies, we may not be able to provide you with the best possible service experience, and some services may not function properly.

III. Personal Information We May Share, Transfer, or Disclose

(1) Sharing

We place great importance on protecting your personal information. We will not share your personal information with any third party outside of us without your consent, except in the following circumstances:

  1. Services we provide to you. We may share your information with partners and other third parties to achieve the core functions you require or to provide services you need. For example, partners providing data services (including online advertising monitoring, data statistics, and data analysis).

  2. Advertising partners. We may share information with entrusted partners who carry out advertising on our behalf so they can understand the reach and effectiveness of their advertisements. For example, we may inform them how many users viewed their advertisements or purchased their products after viewing them, or provide anonymized statistical information to help them understand their audience.

  3. Affiliated companies. To provide consistent services under a unified account system and facilitate centralized management, security, and account protection, your personal information may be shared between us and our affiliated companies when necessary.

  4. Maintaining and improving our services. We may share your personal information with partners and other third parties to help us provide more targeted and improved services, such as telecommunications service providers sending emails or push notifications on our behalf.

  5. Other purposes described in Section I (“How We Collect and Use Personal Information”).

  6. To fulfill our obligations and exercise our rights under this Policy or other agreements between you and us.

  7. As permitted by laws and regulations, to comply with legal requirements or to protect us, our affiliates or partners, you, other VAR+ users, or the public interest, property, or safety from harm (such as preventing fraud or other illegal activities and reducing credit risk). This does not include selling, renting, or otherwise disclosing information for profit in violation of this Policy.

  8. To assist in resolving disputes between you and others at your legitimate request.

  9. Providing information at the lawful request of your guardian.

  10. As stipulated in service agreements signed with you (including online electronic agreements and platform rules) or other legal documents.

  11. For academic research purposes.

  12. For lawful public and social interest purposes.

We will only share your personal information for lawful, legitimate, necessary, specific, and explicit purposes. We will enter into strict confidentiality agreements with companies, organizations, and individuals with whom we share information, requiring them to handle information in accordance with our instructions, this Policy, and relevant security measures.

(2) Transfer

  1. As our business develops, we may engage in mergers, acquisitions, asset transfers, or similar transactions, and your personal information may be transferred as part of such transactions. We will require the new companies and organizations holding your personal information to continue to be bound by this Policy. Otherwise, we will require them to seek your authorization and consent again.

  2. With your explicit consent, we may transfer your personal information to third parties.

(3) Disclosure

We will only disclose your personal information under the following circumstances and in compliance with industry-standard security measures:

  1. At your request, in accordance with the disclosure method you have explicitly agreed to.

  2. When required by laws, regulations, mandatory administrative enforcement authorities, or judicial authorities. We may disclose your personal information according to the requested type and method of disclosure. In compliance with applicable laws, we will require the requesting party to provide appropriate legal documentation, such as subpoenas or investigation notices. We ensure maximum transparency regarding the information requested within the scope permitted by law. All requests are carefully reviewed to ensure they have a legal basis and are limited to data that law enforcement authorities are legally entitled to obtain for specific investigative purposes.

(4) Exceptions to Prior Authorization and Consent for Sharing, Transferring, and Disclosing Information

In the following circumstances, sharing, transferring, or disclosing your personal information does not require your prior authorization and consent:

  1. Directly related to national security or defense security;

  2. Directly related to public safety, public health, or major public interests;

  3. Directly related to criminal investigations, prosecutions, trials, or enforcement of judgments;

  4. To protect vital legitimate rights and interests such as life and property when obtaining consent is difficult;

  5. When you have voluntarily disclosed the information to the public;

  6. When collecting information from legally disclosed public sources, such as lawful news reports or government disclosures;

  7. Related to our performance of legal obligations.

In accordance with the law, if personal information has been anonymized and it is ensured that the data recipient cannot restore or re-identify the data subject, the sharing, transfer, or public disclosure of such information does not constitute personal information processing. The storage and processing of such data do not require additional notice to or consent from you.

IV. How We Store and Protect Personal Information

(1) Storage of Personal Information

Unless otherwise required by laws, regulations, or regulatory authorities, we will store your personal information only for the shortest period necessary to fulfill the purposes described in this Policy.

If we cease providing services or operations, we will immediately stop collecting your personal information and, in accordance with applicable laws and regulations, notify you in advance. After termination, we will delete or anonymize your personal information unless otherwise required by law or regulatory authorities.

Personal information collected and generated during our operations within the territory of the Socialist Republic of Vietnam will be stored within Vietnam, except in the following circumstances:

  1. Where laws and regulations provide otherwise;

  2. Where we have obtained your authorization and consent;

  3. Where the VAR+ services you use involve cross-border services and require us to transfer your personal information outside the territory.

In such cases, we will ensure compliance with applicable national laws and regulatory requirements and provide appropriate protection for your personal information.

(2) Protection of Personal Information

We attach great importance to information security. We have established a dedicated security team and take all reasonably practicable measures to protect your personal information.

1. Technical Security Measures

We adopt industry-standard security measures, including establishing management systems and implementing reasonable security technologies to prevent unauthorized access, use, or modification of your personal information, as well as to prevent data damage or loss.

Our services apply various encryption technologies. For example, in certain VAR+ services, we use encryption technologies (such as SSL) to protect your personal information. We encrypt and store personal information and isolate it using isolation technologies.

When processing personal information (such as displaying information or performing related calculations), we use data masking technologies to enhance security.

We also implement strict data access control technologies and multi-factor authentication to protect personal information and prevent unauthorized use.

2. Other Security Measures

We have established an industry-leading data security management system centered on data protection, covering the entire data lifecycle. This enhances overall system security from multiple aspects, including organizational structure, system design, personnel management, and product technology.

We manage and regulate the storage and use of personal information through data classification and grading systems, data security management standards, and secure development standards.

We conduct comprehensive data security control through confidentiality agreements, monitoring mechanisms, and audit processes.

We also conduct security and privacy training to enhance employees’ awareness of data protection policies and procedures.

3. Access Control

We only allow employees and partners who need access to your personal information to do so and establish strict monitoring and access control mechanisms. All personnel with potential access to personal information must fulfill confidentiality obligations. Failure to do so may result in legal liability or termination of cooperation with VAR+.

4. Internet Risks

The Internet is not an absolutely secure environment. We cannot guarantee that communications with other users via email, instant messaging, social software, or other service tools are fully encrypted. We recommend that you use strong passwords and take steps to protect your information.

When you communicate or transact with third parties through VAR+ services, you may inevitably disclose information such as contact details or mailing addresses. Please safeguard your information and disclose it only when necessary.

5. Limitation of Absolute Security

The Internet environment is not 100% secure. While we strive to ensure the security of your personal information, we cannot guarantee absolute security at all times. If our physical, technical, or management safeguards are compromised, resulting in unauthorized access, disclosure, tampering, or destruction of personal information and damage to your legitimate rights and interests, we will bear the corresponding legal responsibilities.

6. Security Incident Handling

To address potential risks such as personal information leakage, damage, or loss, we have established systems that define security incident classification standards and corresponding response procedures. We have also set up a dedicated emergency response team.

In accordance with security incident handling requirements, we implement security plans for different incidents to control losses, conduct analysis and tracing, develop remedial measures, and cooperate with relevant departments.

We regularly conduct internal training and emergency drills to ensure staff are familiar with response procedures.

In the event of a personal information security incident, we will promptly notify you in accordance with legal requirements, including:

  • The basic circumstances and possible impact of the incident;

  • Measures we have taken or will take;

  • Recommendations to help you prevent and mitigate risks;

  • Remedial measures available to you.

We may notify you via email, mail, phone, push notifications, or other appropriate means. If it is difficult to notify individuals individually, we will issue public announcements in a reasonable and effective manner. We will also proactively report incident handling to regulatory authorities as required.

Please understand that due to technical limitations and risk prevention constraints, even with strengthened security measures, we cannot guarantee 100% information security. Systems and telecommunications networks you use to access VAR+ may encounter issues beyond our control.

Please keep your account number, password, and other identification information secure. VAR+ uses these credentials to identify you. If such information is disclosed, you may suffer losses. If you suspect your account credentials have been compromised, please contact us immediately so we can take timely protective measures.

7. Cloud Storage Certification

We maintain an industry-leading data security management system focused on data lifecycle protection. The cloud storage technology we currently use to store your personal data has obtained the “Trusted Cloud” certification issued by the Data Center Alliance.

V. How You Manage Your Personal Information

(1) Access, Update, and Deletion

We encourage you to update and correct your personal information to ensure accuracy and effectiveness. We will use appropriate technical measures or provide contact channels to ensure that, where possible, you can access, update, and correct your information while using VAR+.

When accessing, updating, correcting, or deleting personal information, we may require identity verification to ensure security.

For personal information collected via cookies or similar technologies, please refer to Section II (“How We Use Cookies or Similar Technologies”) for opt-out mechanisms.

If you wish to review, modify, or delete certain personal information, please log in to VAR+ and perform the relevant actions. If you encounter difficulties, you may contact us through the feedback channels listed in the “How to Contact Us” section, and we will respond as soon as possible.

Unless otherwise required by law, when you modify or delete personal information, we may not immediately update backup systems but will do so once backups are refreshed.

(2) Public Disclosure and Sharing

Some of our services allow you to publicly share information about yourself, not only with your social network but with all users, such as content you upload or post on VAR+, including related location data and log information.

Unless you delete such publicly shared information, it may remain in the public domain. Even after deletion, the information may still be stored, copied by other users or third parties beyond our control, or retained in the public domain.

We are not responsible for disclosures resulting from information you voluntarily make public. Therefore, we strongly advise you to carefully consider whether to disclose or share information.

(3) Changing the Scope of Authorization and Consent

You may always choose whether to disclose personal information to us. Some information is necessary to use VAR+, while most other information is optional.

You may change the scope of authorization or withdraw consent by deleting information, disabling device features, etc.

After withdrawing authorization, we will no longer provide services corresponding to the withdrawn authorization and will stop processing the related information. However, withdrawal does not affect processing conducted prior to withdrawal.

(4) Automated Decision-Making

In some business functions, decisions may be made solely by automated systems (such as information systems or algorithms) without human intervention.

If such decisions significantly affect your legitimate rights and interests, you have the right to request an explanation, and we will provide appropriate handling measures.

(5) Responding to Your Requests

To ensure security, you may be required to submit requests in writing or otherwise verify your identity. We may request identity verification before processing your request.

In principle, we do not charge fees for reasonable requests. However, for repeated or excessive requests, we may charge a reasonable fee. We may refuse requests that are unnecessarily repetitive, require excessive technical efforts (such as developing new systems), pose risks to others’ legitimate rights, or are impractical (such as requests involving backup data stored on tapes).

We may be unable to respond to your request in the following situations:

  1. Related to fulfilling our legal obligations;

  2. Directly related to national security or defense security;

  3. Directly related to public safety, public health, or major public interests;

  4. Directly related to criminal investigations, prosecutions, trials, or enforcement of judgments;

  5. Where we have sufficient evidence that you have subjective malice or are abusing your rights;

  6. Where responding would protect vital legitimate rights and interests (such as life or property) that are difficult to obtain consent for;

  7. Where responding would seriously damage the legitimate rights and interests of you or others;

  8. Involving trade secrets.

VI. Third-Party Services

VAR+ may access or link to social media platforms or other services (including websites or other forms of services) provided by third parties. These include:

  1. You may use the “Share” button to share certain content from VAR+ with third parties. In addition, you may log in to VAR+ using third-party services. These functions may collect your personal information (including your log information) and may install COOKIES on your device to ensure proper functionality;

  2. We may provide links through advertisements or other means within our services that allow you to access third-party services or websites;

  3. Other scenarios involving access to third-party services. For example, in order to achieve the purposes described in this Policy, we may access SDKs or similar applications (such as embedded code, plug-ins, etc.) provided by third-party service providers to offer you better customer service and user experience. Currently, the third-party service providers we access mainly include the following categories:

    (1) Services related to advertising, including ad display, ad data tracking/statistics, etc.;

    (2) Services used for message delivery functions, including mobile device manufacturers’ push services, specific event reminders, etc.;

    (3) Third-party authorized services, including third-party account login and sharing relevant content to third-party products;

    (4) Services supporting product function modules, including intelligent customer service, etc.;

    (5) Services used to optimize product performance, including crash data statistics and related analytics.

Some third-party SDKs or similar applications we access may collect your personal information. For example, when you use such third-party services within our services, you agree that your information may be directly collected and processed by them. We will assess the legality, legitimacy, and necessity of the personal information collected by such third-party services, require them to take measures to protect your personal information, and strictly comply with applicable laws, regulations, and regulatory requirements. You may click on the “Third-Party SDK Directory” to learn about the basic information of the third-party SDKs we mainly access. You may also contact us through the feedback channels listed in the “How to Contact Us” section of this Policy, and we will respond as soon as possible.

Access to the above-mentioned third-party social media platforms or other services is operated by the relevant third parties. Your use of such third-party social media or other services (including any information you provide to them) shall be governed by the service terms and privacy policies of those third parties (not this Policy), and you are required to carefully read their terms. This Policy applies only to personal information collected by us and does not apply to any third-party services or their rules regarding the use of information. If you find that third-party social media platforms or other services present potential risks, you should discontinue the relevant operations to protect your legitimate rights and interests and contact us promptly.

VII. Protection of Minors

We recommend that any minors engaging in online activities obtain the consent of their parents or other guardians (hereinafter referred to as “guardians”). We will protect minors’ personal information in accordance with relevant national laws and regulations.

We encourage guardians to guide minors in using VAR+. If you are a minor under the age of fourteen, please inform your guardian to read this Policy together with you and accept our “Rules and Information for Guardians on the Protection of Children’s Personal Information of VAR+.” When using VAR+, please obtain prior consent and guidance from your guardian before using VAR+ and submitting personal information.

VIII. Amendments and Notices

To provide you with better services, we may revise the terms of this Policy from time to time based on updates to VAR+ services and relevant legal and regulatory requirements. Such revisions form part of this Policy. We will post any changes to this Policy on this page. For significant changes, we will also provide more prominent notices (such as website announcements, notifications, or pop-up reminders). Major changes referred to in this Policy include, but are not limited to:

  1. Significant changes in our service model, such as the purpose of processing personal information, the types of personal information processed, or the methods of using personal information;

  2. Significant changes in our ownership structure, such as changes of ownership due to business adjustments, bankruptcy, mergers, or acquisitions;

  3. Significant changes in the main entities with whom personal information is shared, transferred, or publicly disclosed;

  4. Significant changes in your rights to participate in the processing of your personal information and the ways in which you exercise such rights;

  5. Significant changes in the department responsible for personal information security, contact methods, or complaint channels;

  6. Other important changes that may significantly affect your personal rights and interests.

If you do not agree with these changes, you may choose to stop using VAR+ services. If you continue to use VAR+ services, it means that you have fully read, understood, and agreed to be bound by the revised Policy.

All amendments we make will place your satisfaction as our priority. We encourage you to review our Privacy Policy each time you use VAR+.

We may send you service-related notifications when necessary (for example, when we suspend VAR+ services due to system maintenance, changes, or termination of services). If you do not wish to continue receiving our messages, you may request us to stop sending them, for example, by following the SMS unsubscribe instructions or adjusting the settings on your mobile device to stop receiving our updates; except for messages required by law.

We will generally respond to your questions, comments, or suggestions within fifteen working days after verifying your identity. If you are not satisfied with our response, you may file a complaint with the consumer protection authority or bring a lawsuit before a competent court.

Appendix I

Rules and Information for Guardians on the Protection of Children’s Personal Information of VAR+

Effective date: August 10, 2022

VAR+ fully recognizes the importance of protecting children’s (referring to minors under the age of fourteen, as defined below) personal information and privacy. We have formulated the “Rules and Information for Guardians on the Protection of Children’s Personal Information of VAR+” (hereinafter referred to as “this Policy”) to explain our corresponding processing rules and other related matters when collecting and using children’s personal information.

Before using VAR+, children, parents, or other guardians (hereinafter collectively referred to as “guardians”) are requested to carefully read and fully understand this Policy, especially the bolded/underlined provisions, and confirm that they understand and agree to all terms before beginning to use the service.

Special Instructions for Guardians

If we become aware that your child is under the age of fourteen, we will take special measures in accordance with this Policy to protect the personal information we obtain about your child.

Please help us protect your child’s personal information and privacy by requiring them to read and accept this Policy under your supervision, and to use VAR+ and submit personal information only with your consent and guidance.

If you do not agree with the contents of this Policy, it may result in our products and services being unable to function properly or achieve the intended service effects. In such cases, you should immediately request that your child stop accessing/using VAR+.

By clicking to agree to this Policy, or by allowing your child to use/continue using VAR+ and submit personal information, you indicate that you consent to our collection, use, storage, sharing, transfer, and disclosure of your child’s personal information in accordance with this Policy (including updated versions).

Special Instructions for Children

We recommend that any child engaging in online activities obtain prior consent from their guardian.

If you are a child, please inform your guardian to read this Policy together with you and seek their consent and guidance before using VAR+ and submitting personal information.

By clicking to agree to this Policy, or by using/continuing to use VAR+ or submitting personal information, you indicate that you have obtained your guardian’s permission and that your guardian agrees to our collection, use, storage, sharing, transfer, and disclosure of your personal information in accordance with this Policy (including updated versions).

This Policy applies to our collection, use, storage, sharing, transfer, and disclosure of children’s personal information via the Internet within the territory of the Socialist Republic of Vietnam.

When children use VAR+, guardians agree to be bound by this Policy. In case of any inconsistency between similar provisions in this Policy and the “VAR+ Privacy Policy” regarding children’s personal information, this Policy shall prevail.

If a specific service provided by us does not apply this Policy, such service will clearly exclude the application of this Policy in an appropriate manner.

Where there is any inconsistency between this Policy and the main text of the “VAR+ Privacy Policy” regarding children’s personal information protection rules, this Policy shall prevail. If matters are not covered in this Policy, the “VAR+ Privacy Policy” shall apply.

After reading this Policy, if you have any questions regarding this Policy or related matters, you may contact us through the feedback channels listed in the “How to Contact Us” section of this Policy, and we will respond as soon as possible.

This Policy will help you understand:

  1. How we collect and use children’s personal information

  2. Children’s personal information that we may share, transfer, or disclose

  3. How we store and protect children’s personal information

  4. How to manage children’s personal information

  5. Third-party services

  6. Amendments to this Policy

I. How We Collect and Use Children’s Personal Information

(1) General Principles

We will strictly fulfill our legal obligations and responsibilities to protect children’s personal information in accordance with applicable laws. We follow the principles of legitimacy, necessity, explicit consent, clear purpose, security assurance, and lawful use. We will collect and use children’s personal information only after obtaining guardian consent:

  1. For certain individual services of VAR+, we may require users to provide their date of birth or determine whether a user is a child based on the identification information provided. In accordance with laws and regulations, children may continue to use the relevant services of VAR+ after obtaining guardian consent.

  2. When we determine that a user is a child, we may collect the guardian’s contact information (such as mobile phone number or email address) and contact the guardian to verify the guardianship relationship. To better protect children’s rights and interests, we may collect additional information from the guardian (such as full name, ID card, household registration, or other proof of guardianship) to further verify the guardianship relationship.

  3. During a child’s use of VAR+ services, we may also collect and use other personal information of the child. If we need to collect and use personal information beyond the scope described above, we will seek guardian consent again.

(2) Exceptions to Authorization Requirements

According to relevant laws and regulations, we may collect children’s information without prior authorization and consent from the child and/or guardian in the following circumstances:

  1. Directly related to national security, national defense security, public security, public health, or major public interests;

  2. Directly related to criminal investigation, prosecution, trial, or enforcement;

  3. To protect major lawful rights and interests such as life or property of the child or others, where it is difficult to obtain guardian consent;

  4. Information that has been publicly disclosed by the child or guardian;

  5. Information collected from legally publicly disclosed sources, such as legal news reports, government disclosures, or other channels;

  6. Necessary for entering into a contract at the request of the guardian;

  7. Necessary to maintain the safe and stable operation of VAR+, such as detecting and handling product or service failures;

  8. Information automatically retained and processed by computer information systems where such information cannot identify the child as a personal data subject;

  9. Necessary for statistical or academic research based on public interest, and where research results are de-identified before being disclosed externally;

  10. Other circumstances as provided by law.

(3) Reminder Regarding Children’s Sensitive Personal Information

The above-mentioned information provided by children or guardians, or collected by us, may include sensitive personal information of children, such as bank account numbers and transaction information.

Please exercise caution regarding children’s sensitive personal information. Guardians acknowledge and agree that such sensitive personal information may be processed in accordance with the purposes and methods described in this Policy.

II. Children’s Personal Information That We May Share, Transfer, or Disclose

(1) Sharing

We will not share children’s personal information with any third party outside VAR+ without guardian consent, except in the following circumstances:

  1. To provide our services to children. We may share children’s information with partners and other third parties to perform VAR+ service functions and enable children to use necessary services normally. For example: data service partners (including online advertising tracking, data statistics, and data analysis) and other service providers.

  2. Necessary sharing with affiliated parties. To provide consistent services under a unified account system, facilitate unified management, and ensure system and account security, children’s personal information may be shared between us and our affiliated companies when necessary.

  3. To achieve the purposes described in Section I of this Policy (“How We Collect and Use Children’s Personal Information”).

  4. To fulfill our rights and obligations under this Policy or other agreements between us and children and guardians.

  5. Sharing with entrusted advertising partners so they can understand the reach and effectiveness of advertising programs. For example, we may inform advertisers how many users viewed their advertisements or purchased products after viewing them, or provide anonymized statistical information to help them understand their audience.

  6. Within the scope permitted by law, to comply with legal obligations, protect us and our affiliates or partners, children, guardians, other users, or public interests and property, such as preventing fraud and reducing credit risks. This does not include selling, renting, or improperly sharing information for profit in violation of this Policy.

  7. To meet children’s legitimate needs or with guardian authorization and consent.

  8. At the lawful request of guardians.

  9. As provided under signed service agreements (including online electronic agreements and platform rules) or other legal documents.

  10. Based on lawful public interest and social interests.

We will only share children’s personal information for lawful, legitimate, necessary, specific, and clear purposes. We will conduct security assessments and sign strict confidentiality agreements with companies, organizations, and individuals with whom we share personal information, requiring them to process such information in accordance with our instructions, this Policy, and relevant security measures.

(2) Transfer

  1. Due to business development, we may engage in mergers, acquisitions, asset transfers, or similar transactions, and children’s information may be transferred as part of such transactions. We will conduct security assessments and require new entities holding children’s personal information to remain bound by this Policy. Otherwise, we will require them to obtain guardian consent again.

  2. With guardian consent, we may transfer children’s personal information to other parties.

(3) Disclosure

We will disclose children’s personal information only in the following circumstances and in accordance with industry-standard security measures:

  1. At the request of the child or guardian, disclosing information designated by the guardian in an agreed disclosure method.

  2. When required by law, regulation, mandatory administrative request, or judicial requirement, we may disclose children’s information according to the required type and disclosure method. In compliance with applicable laws, we will require the requesting party to provide valid legal documentation (such as subpoenas or investigation notices). We will ensure transparency within the scope permitted by law and carefully review each request to confirm its legality and limit disclosure to information lawfully authorized for specific investigative purposes.

(4) Exceptions to Prior Authorization and Consent

In the following circumstances, sharing, transferring, or disclosing children’s information does not require prior guardian consent:

  1. Directly related to national security or national defense security;

  2. Directly related to public security, public health, or major public interests;

  3. Directly related to law enforcement or judicial matters such as criminal investigation, prosecution, trial, or enforcement;

  4. To protect major lawful rights and interests such as life or property where guardian consent is difficult to obtain;

  5. Information publicly disclosed by children or guardians;

  6. Information collected from legally public sources such as legal news or government disclosures;

  7. Related to fulfilling our statutory obligations.

Under the law, sharing, transferring, or publicly disclosing anonymized personal information that cannot identify or re-identify the data subject does not require guardian notification or consent.

III. How We Store and Protect Children’s Personal Information

(1) Storage

Unless otherwise required by law or regulatory authorities, we will retain children’s personal information only for the shortest time necessary to fulfill the purposes described in this Policy.

If we cease services or operations, we will immediately stop collecting children’s personal information and, in accordance with applicable laws, notify you in advance and delete or anonymize such information after service termination, unless otherwise required by law or regulators.

(2) Protection Measures

We attach great importance to children’s privacy and security. We have established a dedicated security team and implemented all reasonable and feasible measures to protect children’s personal information:

  • We apply technical measures such as encrypted storage to ensure data security.

  • We strictly limit employee access based on the principle of minimum authorization.

  • Employee access to children’s personal information requires approval from the person responsible for children’s personal information protection or their authorized manager.

  • We record access logs and apply technical measures to prevent illegal copying or downloading of children’s data.

  • If we discover that children’s personal information has been or may be leaked, damaged, or lost, we will immediately activate emergency response plans, take remedial actions, and notify affected guardians and children via email, mail, phone, or public announcements.

For more details, please refer to the section “How We Store and Protect Personal Information” in the VAR+ Privacy Policy.

Due to technical limitations and risk prevention constraints, even with enhanced security measures, we cannot guarantee 100% information security. Guardians should understand that systems and telecommunications networks used by children to access VAR+ services may experience issues beyond our control.

Please keep your VAR+ account credentials (account, password, and other identification factors) secure. If guardians or children disclose such information, it may result in loss or harm. If you suspect that account credentials have been compromised, please contact us immediately so we can take timely protective measures.

IV. How We Manage Children’s Personal Information

While children use VAR+ services, we will provide appropriate functions or contact channels (as listed in the “How to Contact Us” section) to ensure that guardians and children can access, modify, or delete children’s personal information.

When requesting access, modification, or deletion, we may require identity verification to ensure security. Unless otherwise required by law, changes or deletions may not immediately reflect in backup systems but will be updated once backups are refreshed.

(1) Right of Access

Guardians and children may view personal information provided or generated while using VAR+, such as personal profile data, certain usage records, and published content.

(2) Correction

We encourage guardians and children to update and correct personal information to ensure accuracy. If incorrect information is identified, you may contact us for correction. We will promptly address the issue after identity verification.

(3) Deletion

Depending on the services used, guardians and children may independently delete certain personal information.

Guardians and children may also directly request deletion in the following circumstances:

  1. If we collect, store, use, transfer, or disclose children’s personal information in violation of laws, regulations, or agreements;

  2. If such processing exceeds the stated purpose or necessary time period;

  3. If the guardian withdraws consent.

Please note that deleting specific personal information may result in the inability to continue using all or part of VAR+ services.

(4) Changes to Authorization and Consent

Guardians and children may always choose whether to provide information. Some information is required to use VAR+, while most other information is optional.

Guardians and children may change the scope of authorization or withdraw consent by deleting information, disabling device functions, etc.

After consent is withdrawn, we will no longer provide corresponding services or process the related information. However, withdrawal of consent will not affect processing conducted prior to withdrawal based on valid authorization.

V. Third-Party Services

The VAR+ services may access or link to social media platforms or other services (including websites or other forms of services) provided by third parties for children. For details about the types of third-party services that we access or link to, please refer to the section “Third-Party Services” in the VAR+ Privacy Policy.

Such third-party social media platforms or other services are operated by the relevant third parties. A child’s use of those third-party social media services or other services (including any information provided by the child to such third parties) shall be subject to the third party’s terms of service and information protection statements (not this Policy). Guardians and children are required to carefully read those terms.

This Policy applies only to the personal information we collect and does not apply to any services provided by third parties or the rules governing how third parties use information. If guardians or children discover that such third-party social media platforms or other services pose potential risks, they should discontinue the relevant activities in order to protect the child’s lawful rights and interests and promptly contact us.

VI. Amendments to This Policy

In order to provide better services, we may revise the terms of this Policy from time to time in accordance with updates to VAR+ and relevant laws and regulations. Such revisions shall form part of this Policy.

If these updates result in a significant reduction of, or major changes to, the rights and interests of guardians and children under this Policy, we will notify you before the revised Policy takes effect by means such as website announcements, notices, pop-up reminders, or other appropriate methods.

If a guardian does not agree to such changes, you may choose to request that the child discontinue using VAR+. If the child continues to use VAR+, it shall be deemed that the guardian has fully read, understood, and agreed to be bound by the revised Policy.