Privacy Policy of Megaficus JSC
- Last updated: 27 June, 2025
Megaficus Joint Stock Company (“Megaficus,” “we,” “our,” or “us”) is committed to protecting the privacy and personal data of our users. This Privacy Policy explains in detail how we collect, use, disclose, store, and protect your personal information when you interact with our website at https://megaficus.com (“Website”) and our related services. This policy complies with global data privacy laws, including the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and other relevant international privacy regulations.
Scope and Applicability
This Privacy Policy applies to all individuals globally who interact with Megaficus through our Website, email communications, or service engagements. It governs how we collect and process personal data both manually and automatically, regardless of the user’s location. This policy does not cover third-party websites or services that we do not own or control.
Data Controller Information
The data controller responsible for processing your personal data under this policy is:
Megaficus Joint Stock Company (Megaficus JSC)
GP Invest Building, Alley 170, De La Thanh Street, Dong Da District, Hanoi, Vietnam, 100000
Email: [email protected]
Types of Personal Data Collected
Megaficus collects personal information that you voluntarily provide when contacting us, requesting services, or subscribing to newsletters. This includes your full name, email address, and phone number.
We also collect technical information automatically when you interact with our Website. This includes your IP address, browser type, operating system, referring URLs, and your behavior on our site, captured through tracking tools such as Google Analytics, Microsoft Clarity, Hotjar, Meta (Facebook) Pixel, and TikTok Pixel.
For clients entering into contractual relationships, we may collect payment-related details, though full payment processing is handled through secure third-party payment providers.
We do not operate a user account login portal on our Website, so we do not collect user credentials or account profile data.
Purposes and Legal Bases for Data Processing
We process your personal data for specific purposes, including providing customer support, managing service inquiries, performing analytics, delivering targeted advertising, and complying with legal obligations.
For users in the European Economic Area (EEA), we rely on lawful bases under GDPR for processing, including your explicit consent, contractual necessity, our legitimate business interests, and compliance with legal obligations.
We obtain your consent before sending marketing communications or using non-essential cookies. You may withdraw your consent at any time.
Cookies and Tracking Technologies
Our Website uses cookies and tracking technologies to enhance user experience and collect analytics data. Cookies help us remember your preferences, analyze Website performance, and deliver targeted ads.
You can manage your cookie preferences via our cookie consent banner or by adjusting your browser settings. Detailed information about the types of cookies we use and their purpose is available in our Cookie Policy.
Data Sharing and Disclosure
We do not sell your personal data. We may share your information with trusted third-party service providers that help us deliver our services and manage business operations. This includes advertising platforms like Google, Meta, and TikTok; analytics tools such as Google Analytics, Hotjar, and Microsoft Clarity; and CRM and email marketing platforms like Odoo ERP and Nestsend by Nestscale.
We may also disclose your personal data when required to comply with legal obligations, protect our legal rights, prevent fraud, or respond to government or regulatory requests.
In the event of a business merger, acquisition, or asset sale, your data may be transferred to the acquiring entity, subject to this Privacy Policy.
International Data Transfers
Given our global service providers and international user base, your personal data may be transferred to and processed in countries outside your residence, including the United States and the European Economic Area.
We ensure that international data transfers comply with GDPR and other applicable laws by implementing appropriate safeguards, such as Standard Contractual Clauses (SCCs) or using service providers certified under recognized international privacy frameworks.
Data Retention Period
We retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy, or as required by law, tax, or regulatory obligations.
Data collected for analytics, marketing, and customer support will be retained for as long as it remains relevant for business purposes unless you request its deletion. Contractual and transactional data will be retained for periods required under applicable laws.
Data Security Measures
Megaficus employs a combination of technical, organizational, and administrative security measures to protect your personal data against unauthorized access, loss, misuse, or disclosure.
Our Website uses Secure Sockets Layer (SSL) encryption for secure data transmission. Internally, sensitive data is protected using RSA and AES encryption standards. Access to personal information is restricted to authorized personnel on a need-to-know basis.
While we take significant measures to protect your data, no method of online transmission or electronic storage is completely secure. We encourage users to exercise caution when transmitting personal data over the internet.
Your Rights
Depending on your jurisdiction, you may have the right to request access to your personal data, request corrections of inaccurate data, request deletion, restrict processing, object to data processing, and request data portability.
If you are a resident of the European Economic Area, you have the right to lodge a complaint with your local Data Protection Authority if you believe your rights under the GDPR have been violated.
For California residents, your rights under the CCPA include the right to know what categories of personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information (though we do not engage in selling data).
To exercise any of these rights, you may contact us at [email protected]. We may request identity verification before processing your request and will respond within the timeframe required by applicable laws.
Right to Lodge a Complaint with a Data Protection Authority (GDPR Users)
If you are located in the European Economic Area and believe that we have unlawfully processed your personal data or failed to uphold your rights under the GDPR, you have the right to lodge a complaint with the relevant supervisory authority in your country of residence or with the lead supervisory authority where we primarily process data for EU users.
You can find a list of EU Data Protection Authorities at: https://edpb.europa.eu/about-edpb/board/members_en
Data Breach Notification
Megaficus has implemented a Data Breach Response Plan in accordance with GDPR, CCPA, and other applicable privacy laws. In the event of a data breach that is likely to result in a high risk to your rights and freedoms (under GDPR), or that meets notification thresholds under CCPA or other laws, we will notify affected individuals and relevant regulatory authorities within legally mandated timeframes.
Our notification will include a description of the nature of the breach, the categories of data involved, potential consequences, measures taken to mitigate harm, and recommended steps users should take to protect themselves.
We are committed to taking immediate action to contain, investigate, and resolve any such incidents.
Opt-Out Mechanisms
You may opt out of receiving marketing emails by clicking the unsubscribe link included in each communication. You can also manage your preferences by contacting us at [email protected].
For cookies and tracking technologies, you may adjust your preferences using our Website’s cookie consent tool or your browser’s privacy settings.
Automated Decision-Making and Profiling
Megaficus does not engage in profiling or automated decision-making processes that produce legal or significant effects on individuals. While we use AI and automation tools to assist in content production and internal processes, no critical decision-making about individual users is performed without human oversight.
Children’s Privacy
Third-Party Services and Integrations
Our Website integrates with third-party tools and platforms for purposes such as analytics, advertising, communication, and customer relationship management. These third parties operate independently under their own privacy policies.
Current third-party providers include Google, Meta, TikTok, Microsoft Clarity, Hotjar, Odoo ERP, and Nestsend by Nestscale. We encourage users to review these providers’ privacy policies separately.
Updates to This Privacy Policy
We reserve the right to update or revise this Privacy Policy at any time. Updates will be published on this page, with the revised effective date indicated. In cases of significant changes that materially affect your privacy rights, we will notify you via email or a Website notice before changes take effect.
We recommend that users review this Privacy Policy periodically to remain informed about how we protect personal data.
Contact Information
For any questions, concerns, requests, or complaints regarding this Privacy Policy or your personal data rights, please contact us at:
Megaficus JSC
GP Invest Building
Alley 170, De La Thanh Street
Dong Da District, Hanoi, Vietnam, 100000
Email: [email protected]
Website: https://megaficus.com
We are committed to responding promptly and in accordance with applicable data protection laws.
