Privacy Policy
The Personal Data Privacy Policy (“Policy”) describes the activities related to the processing of Users’ personal data when accessing the Riddle Realm website or application.
1. Subjects and Scope of Application
This Policy governs how Riddle Realm collects, processes, and stores personal data of Users who use or interact with the products, websites, applications, or services of Riddle Realm.
For the avoidance of doubt, this Privacy Policy applies only to individual Users. Riddle Realm encourages Users to carefully read this Policy and regularly check the website for any updates made under the terms of this Policy.
2. Definitions
2.1. “User”
An individual who accesses, explores, registers for, uses, or is otherwise involved in the operation or provision of Riddle Realm’s products or services.
2.2. “Personal Data” or “PD”
Information in the form of symbols, letters, numbers, images, sounds, or similar formats in an electronic environment that is associated with or can identify a specific individual.
Personal data includes basic personal data and sensitive personal data.
2.3. Basic Personal Data includes:
(a) Full name, including middle and birth name, and any aliases (if any)
(b) Date of birth; date of death or disappearance (if applicable)
(c) Gender
(d) Place of birth, place of birth registration, permanent residence, temporary residence, current address, hometown, contact address
(e) Nationality
(f) Personal image
(g) Phone number, ID number, personal identification number, passport number, driver’s license number, vehicle registration number, personal tax ID, social insurance number, health insurance card number
(h) Marital status
(i) Family relationship information (e.g., parents, children)
(j) Individual’s account information; data reflecting personal activity/history in cyberspace
(k) Other information associated with or identifying a specific individual that is not considered sensitive personal data
(l) Other data as regulated by applicable law
2.4. Sensitive Personal Data
Personal data closely linked to an individual’s privacy, which if compromised, may directly affect their lawful rights and interests, including:
(a) Political or religious views
(b) Health status and private life recorded in medical records, excluding blood type
(c) Information on racial or ethnic origin
(d) Genetic information inherited or acquired by the individual
(e) Physical traits or biometric characteristics of the individual
(f) Sexual life and sexual orientation
(g) Criminal records or criminal acts collected and stored by law enforcement agencies
(h) User information from credit institutions, foreign bank branches, intermediary payment service providers, or other authorized institutions, including: legal identity data, account information, deposit information, asset custody details, transaction data, guarantor information
(i) Location data obtained through geolocation services
(j) Other personal data classified by law as sensitive and requiring special protection
2.5. Personal Data Protection
Refers to activities aimed at preventing, detecting, preventing recurrence of, and handling violations related to personal data in accordance with the law.
2.6. Personal Data Processing
One or more actions performed on personal data, such as: collection, recording, analysis, verification, storage, modification, publication, combination, access, retrieval, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, destruction, or other related activities.
2.7. Third Party
Any organization or individual other than Riddle Realm and the User as defined in this Policy.
For clarity, any terms not defined in this section shall be interpreted and applied in accordance with the laws of Vietnam.
3. Purposes of Personal Data Processing
3.1. Riddle Realm may process Users’ personal data for one or more of the following purposes:
(a) To provide Riddle Realm’s products or services
(b) To modify, update, secure, and improve the products, services, and applications provided to Users
(c) To verify identity and ensure the security of Users’ personal data
(d) To respond to service requests and support needs of Users
(e) To inform Users of changes to policies or promotions related to Riddle Realm’s products or services
(f) For internal analysis and processing to improve product/service quality or perform marketing and communication activities
(g) To prevent and detect fraud, identity theft, and other illegal activities
(h) To establish or enforce legal rights or defend against legal claims of Riddle Realm, Users, or other individuals, including data exchange with other entities to detect and prevent fraud or reduce credit risk
(i) To comply with applicable law, relevant industry standards, and internal policies
(j) Any other purpose directly related to Riddle Realm’s operations
3.2. Consent for Additional Purposes
Riddle Realm will request the User’s consent before using their personal data for any purposes not listed in Section 3.1 above, either at the time of data collection or before conducting any related processing, unless otherwise required or permitted by law.
4. User Personal Data Security
4.1. Users’ personal data is committed to being maximally protected in accordance with Riddle Realm’s policies and legal regulations. The processing of each User’s personal data will only be carried out with their consent, unless otherwise provided by law.
4.2. Riddle Realm does not use, transfer, provide, or share Users’ personal data with any third parties without the User’s consent, unless otherwise required by law.
4.3. Riddle Realm will comply with other personal data protection principles as prescribed by applicable law.
4.4. Riddle Realm employs various information security technologies to safeguard Users’ personal data from unauthorized access, use, or sharing. However, no data can be 100% secure. Therefore, Riddle Realm commits to maximizing the protection of Users’ personal data. Certain unintended consequences or damages may still occur, including but not limited to:
(a) Hardware or software errors during data processing resulting in data loss
(b) Security vulnerabilities beyond Riddle Realm’s control, such as cyberattacks on related systems leading to data breaches
(c) Users accidentally disclosing their own data due to negligence or fraud; accessing websites or downloading apps containing malware, etc.
4.5. Users are advised to keep their electronic devices secure during use and should lock, log out of, or exit their accounts on Riddle Realm’s websites or applications when not in use.
5. Types of Personal Data Collected and Processed by Riddle Realm
To provide products and services to Users and/or process their requests, Riddle Realm may need to and/or be required to collect personal data, including:
(a) Users’ basic personal data and that of related individuals
(b) Users’ sensitive personal data and that of related individuals
(c) Data related to websites or applications: technical data (as previously mentioned, including device type, operating system, browser type and settings, IP address, language settings, date and time of access, app usage statistics, app settings, connection logs, location data, and other technical communications); secure login details; usage data
(d) Marketing data: interests in advertisements; cookie data; clickstream data; browsing history; responses to direct marketing; and opt-out preferences for direct marketing
6. Methods of Personal Data Collection
Riddle Realm collects personal data from Users using the following methods:
6.1. Directly from Users through various means:
(a) When Users submit registration requests or any other forms related to Riddle Realm’s products and services
(b) When Users interact with Riddle Realm’s customer service staff via phone calls, correspondence, face-to-face meetings, emails, or social media
(c) When Users use Riddle Realm’s websites and applications
(d) When Users are contacted by and respond to marketing representatives or customer service staff of Riddle Realm
(e) When Users provide their personal information to Riddle Realm for any reason, including signing up for free trials or expressing interest in any of Riddle Realm’s products or services
6.2. From other third parties:
(a) If Users interact with third-party content or advertisements on the website or application, Riddle Realm may receive Users’ personal data from the relevant third party in accordance with their lawful privacy policy
(b) If Users choose to make electronic payments directly to Riddle Realm or through the website or app, Riddle Realm may receive personal data from third-party payment providers for this purpose
(c) To comply with its legal obligations, Riddle Realm may receive Users’ personal data from law enforcement agencies and public authorities as permitted by law
(d) Riddle Realm may receive Users’ personal data from public sources (such as telephone directories, advertisements/flyers, or public information on websites)
Whenever personal data is collected from such sources, Riddle Realm will ensure it is obtained lawfully and require such third parties to comply with data protection laws.
7. Organizations Authorized to Process Personal Data
7.1.
Riddle Realm may share or jointly process personal data with the following organizations and individuals:
(a) Contractors, agents, partners, and operational service providers of Riddle Realm
(b) Branches, business units, and employees working at Riddle Realm’s branches, units, and agencies
(c) Telecommunication companies in cases where Users fail to fulfill service payment obligations
(d) Professional advisors of Riddle Realm, such as auditors and legal counsel, as prescribed by law
(e) Courts and competent state authorities in accordance with the law and/or as required and permitted by law
7.2.
Riddle Realm commits to sharing or jointly processing personal data only when necessary for the Purposes of Processing stated in this Policy or as otherwise required by law. The receiving organizations and individuals must comply with the provisions of this Policy and relevant data protection laws.
Although Riddle Realm will make every effort to anonymize/encrypt User information, the risk of data disclosure in force majeure circumstances cannot be completely ruled out.
7.3.
In the event of involvement by other personal data processing organizations as specified in this section, the User agrees that Riddle Realm will notify the User before proceeding.
8. Processing Personal Data in Special Cases
Riddle Realm ensures that the processing of Users’ personal data complies fully with legal requirements in the following special cases:
8.1. Riddle Realm respects and protects children’s personal data. In addition to legally mandated safeguards, before processing any child’s data, Riddle Realm will verify the child’s age and obtain consent from (i) the child and/or (ii) the child’s parent or guardian as required by law.
8.2. In compliance with other applicable legal regulations, the processing of personal data of missing persons or deceased individuals must be approved by one of the legally authorized related parties.
9. Users’ Rights and Obligations Regarding Personal Data Provided to Riddle Realm
9.1. Users’ Rights
Users have the right to be informed about the processing of their personal data, unless otherwise provided by law.
(a) Users have the right to consent or refuse to allow processing of their personal data, unless otherwise stipulated by law
(b) Users have the right to access, view, edit, or request correction of their personal data by submitting a written request to Riddle Realm, unless otherwise provided by law
(c) Users have the right to withdraw their consent by submitting a written request to Riddle Realm, unless otherwise stipulated by law. Withdrawal of consent does not affect the legality of prior data processing activities conducted with consent
(d) Users have the right to delete or request deletion of their personal data via written request to Riddle Realm, unless otherwise stipulated by law
(e) Users have the right to request restriction of personal data processing by submitting a written request to Riddle Realm, unless otherwise stipulated by law. Riddle Realm will implement the restriction within 72 hours of the User’s request
(f) Users have the right to request a copy of their personal data from Riddle Realm via a written request, unless otherwise stipulated by law
(g) Users have the right to object to the processing of their personal data by Riddle Realm or Organizations Authorized to Process Personal Data, as outlined in this Policy, in order to prevent or restrict disclosure or use for advertising/marketing, unless otherwise permitted by law. Such requests will be fulfilled within 72 hours
(h) Users have the right to file complaints, denunciations, or lawsuits in accordance with legal regulations
(i) Users have the right to request compensation for actual damages caused by violations of this Policy by Riddle Realm, unless otherwise agreed or stipulated by law
(j) Users have the right to self-protection under the Civil Code and relevant laws or request competent authorities or organizations to implement civil protection measures under Article 11 of the Civil Code
(k) Other rights as provided by applicable laws
9.2. Users’ Obligations
(a) Comply with legal regulations and Riddle Realm’s policies and guidance regarding personal data processing
(b) Provide complete, truthful, and accurate personal data and other required information during registration and service use. Users must update this information in a timely manner. Riddle Realm secures data based on information provided by Users; any inaccuracy that causes harm or limits the User’s rights will not be the responsibility of Riddle Realm. Users are liable for losses or fraud resulting from their failure to update or provide correct data
(c) Cooperate with Riddle Realm, competent authorities, or third parties in resolving issues affecting personal data security
(d) Take initiative in protecting their personal data and notify Riddle Realm promptly if they detect any inaccuracies or suspect data breaches
(e) Take responsibility for the data and approvals they generate or provide in the online environment; Users are also liable for any data breaches resulting from their own actions
(f) Regularly review and follow updates to Riddle Realm’s policies as posted on websites or other communication channels; take appropriate action to express agreement or disagreement with the processing purposes notified by Riddle Realm
(g) Respect and protect other individuals’ personal data
(h) Fulfill other obligations as prescribed by law
10. Personal Data Retention
Riddle Realm commits to storing Users’ personal data only for purposes relevant to those outlined in this Policy. Personal data may also be retained for a period as required by applicable laws.
11. Cross-Border Processing of Personal Data
11.1. To fulfill the purposes of data processing outlined in this Policy, Riddle Realm may provide/share Users’ personal data with its related third parties located either in Vietnam or in other jurisdictions outside Vietnam.
11.2. When transferring personal data abroad, Riddle Realm will ensure that the recipient party guarantees the confidentiality and security of the data. Riddle Realm complies with all legal requirements concerning cross-border personal data transfer.
11.3. Users in the European Union (EU):
Users’ personal data may be accessed, transferred to, and/or stored outside the European Economic Area (EEA), including countries with lower levels of data protection according to EU law. In such cases, Riddle Realm will implement appropriate safeguards to protect the transferred personal data and ensure compliance with relevant regulations.
12. Cookies
12.1. When Users access or use the websites or online portals (collectively referred to as “electronic platforms”) of Riddle Realm, Riddle Realm may place one or more cookies on the User’s device. A “cookie” is a small file placed on the User’s device when accessing an electronic platform, which records information about the User’s device, browser, and, in some cases, their preferences and browsing habits.
Riddle Realm may use this information to recognize Users upon their return to its platforms, provide personalized services, compile analytical statistics to better understand platform performance, and improve the electronic platforms. Users may use their browser settings to delete or block cookies on their devices. However, if Users choose not to accept or block cookies from Riddle Realm‘s platforms, they may not be able to fully utilize all features offered.
12.2. Riddle Realm may process Users’ personal information through cookie technology in accordance with this Policy. Riddle Realm may also use remarketing methods to serve advertisements to individuals who have previously visited its platforms.
12.3. In cases where third parties embed content on Riddle Realm’s electronic platforms (e.g., social media features), such third parties may collect Users’ personal information (e.g., cookie data) if the User chooses to interact with such content or services.
13. Contact Information for Personal Data Processing
In case the User has any questions regarding this Policy or issues relating to their data subject rights or the processing of their personal data, the User may contact Riddle Realm via Contact Information: