Information

Home
Infomation
Privacy policy

CHAPA EXPRESS TRAIN DATA PRIVACY POLICY


Welcome to the privacy of CHAPA TOURISM JOINT STOCK COMPANY, located at Lao Cai Station, Khanh Yen Str, Lao Cai Ward, Lao Cai city, Lao Cai province (referred to as “CHAPA Express Train”, “we”, “our”, or “us”). This policy outlines how we process personal data as the data controller for users of our website (https://www.chapaexpresstrain.com/  and individuals who book itineraries aboard our trains (“Guests”), collectively referred to as “you”.


We have drafted this Privacy Policy (the “Policy”) to provide you with transparent and comprehensive information about:

  1. The purposes and methods of personnal data processing.
  2. Your rights under applicable laws.


I. Our Commitmetn to Protecting Your Data


    We adhere to ten core principles to ensure the lawful, fair, and transparent processing of your personal data:


  1. Lawfulness: We collect and use your data only when:
  2. You provide explicit consent.
  3. It is required to perform a contract with you.
  4. Compliance with a legal obligation is necessary
  5. It protects vital interests, or we have a legitimate interest.
  6. For our legitimate interest, without adversely affecting your rights.
  7. Fairness: We explain why we need your data and ensure ethical usage.
  8. Purpose limitation: Data is collected only for specific purpose and minimized.
  9. Transparency: We inform you about how your data is used
  10. Right Facilitation: We support your rights, including access, rectification, erasure, annd objection.
  11. Storage limitation: We retain personal data for a limited period.
  12. Data Security : We protect your data’s integrity and confidentiality.
  13. Third-Party Responsibility: We ensure that any third party accessinng your data complies with our standards.
  14. International Transfers: We secure data transfer across borders.
  15. Breach Notificationns: We promptly notify relevant authorities and affected individuals of anydata breach.
  16. Retention Limitation: We store your data ony for as long as necessary.
  17. For any questions regarding these ten principles, please contact us at the coordinates indicated in article 7 “Your rights”.


II. Data We Collect


  1. For Website Users:
  2. Title, full name, email, phone, coutry, guest type, and navigation data.
  3. Any information vomutarily provided when contacting us.
  4. For Guests:
  5. Collected via booking forms or direct communication:
  6. Personal details (e.g., title, full name, date of birth, nationality).
  7. Contact information (e.g., phone numer, email, postal address).
  8. Payment details (e.g., credit card nummer for reservations).
  9. Additional preferences or comments related to your booking.
  10. Information about children traveling with you (if applicable).


III. Purpose and Retention of Your Data

      We process your data for specific purposes, as outlined below:



Purposes

Legal Basis

Retention Periods

(Thời gian lưu trữ)

Management booking and payments.


Contractual necessary


3 years from last contact



As required


Addressing preferences/special requirements needs


Consent.


Internal incident management


Legitimate interest


Up to 122 days


Emergency guest location


Vital interests


Duration of the event.


Statistical analysis and service improvement


Legitimate interest



 Customer satisfaction surveys


Consent

3 years from last contact


Responding to inquires


Legitimate interest


Duration of request hanndling


Where applicable, if your call was recorded, the related data will be retained until you object to its storage or for a period of 3 months from the call date.


Sending newsletters


Consent.


Until consent withdrawal or 3 years.


Securing online navigation


Legitimate interest


Maximum of 25 months.


Fraud prevention in payments


Legitimate interest


90 days for analysis, 2 years for system improvement used for improving the system.

In case of registration in the incident file, data will be retained for 2 years from the date of recording or until the issue is resolved, whichever is earlier.


Managing legal and accounting obligations


Compliance with legal obligations


As required by law


Litigation management


Processing necessary to our legitimate interest in establishing evidence in the event of litigation.


Statutory limitation periods.



IV. Sharing your data


Your personal data may be shared with internal and external parties under the following conditions:


  1. Internal Teams: Authorized personnel (e.g., customer service, marketing, compliance)
  2. Service providers and partners: IT hosting services, payment processor, and call centers.
  3. Local authorities: As required by law or during an investigation, or in accordance with local regulations.


V. International transfers


For purposes in Article 3 personal data may be transferred to internal or external recipients, including countries with varying data protection levels.

CHAPA Express Train ensures secure transfers, inncluding using European Commission standard contractual clauses and additional safeguards when needed.

For more on information transfer frameworks, email the address in Article 7, “YOUR RIGHTS.”


VI. Data security


CHAPA Express Train adopts robust technical and organizational measures in compliannce with applicable laws to safeguard your personal data destruction, loss, alteration; misuse, unauthorized access, modification, or disclosure, whether such actions are intentional, accidental, or unlawful.


To ensure this, we have implemented both technical measures (e.g., firewalls, data encryption) and organizational measures (e.g., controlled access, user authentication systems, physical protection protocols.) These measures are designed to maintain the confidentiality, integrity, availability, and resilience of our processing systems and services.


VII. Your Rights

You have the right to:

  1. Access, correct, or delete your personal data
  2. Withdraw consent at any time
  3. Object to data processing for specific purposes
  4. Transfer your data
  5. Give instructions regarding the processing of your data after your death



For inquiries, please contact us at reservation@chapaexpresstrain.com.


To ensure confidentiality and data protection, we may verify your identity before responding to your request. If there is reasonable doubts, you might need to provide a monochrome copy of an official ID, such as an ID card or passport.


All requests will receive a response as swiftly as possible and in compliance with applicable law.


You also have the right to lodge a complaint with a data protection authority.


tripadvisor symbol
Select your
chat method
messenger whatsapp zalo