Customer privacy & data protection
Privacy policy for kinhmatdienbienphu.com: account data, login cookies, AI concierge, internal notifications, subprocessors — aligned with how the site actually works.
Optometristvuvantiep
September 10, 2024
Privacy & data protection
This policy applies to kinhmatdienbienphu.com and related features operated by Kính Mắt Điện Biên Phủ (household business Mắt Kính Điện Biên, 529 Đường 3/2, Ward 9, District 10, Ho Chi Minh City, Vietnam). We describe what data may be processed, why, cookies and sessions, the chat assistant, third parties, and your rights — consistent with our current technical setup and applicable Vietnamese law.
In short
We use data only to run shopping, accounts, bookings, support, and the website. We do not sell customer lists to third parties for their independent advertising.
Who this covers
- Visitors browsing the site (including without an account).
- Registered customers signing in with phone/email or Google (when enabled).
- Users who book appointments, submit contact / profile-update requests, or use the on-site assistant.
Data we may collect
| Category | Examples in practice | Purpose |
|---|---|---|
| Customer account | Name, phone, email, password (hashed), flag if you already have an in-store profile | Sign-up, sign-in, password reset, Account area |
| Customer profile (CRM) | Address, gender, birthday, order history, points, prescriptions (if any) | Sales, warranty, after-sales — linked when you are an existing customer |
| Orders & appointments | Order/booking content, notes you provide | Fulfil purchases and appointments, delivery or in-store pickup |
| Concierge chat | Messages you send, assistant replies, session IDs, page path; phone if you choose to share it | Support, conversation context, service improvement |
| Contact & profile-update forms | Content you submit, preferred contact channel | Handling requests; some alerts may go to internal store channels for staff review |
| Technical | Server logs, IP (short-lived in ops logs), language cookies | Security, abuse prevention, correct language display |
Cookies & sign-in session
- Customer session: the
customer-sessioncookie (secure session token, typically httpOnly). Lifetime is configured at login (e.g. extended duration so you stay signed in). In production, cookies are sent over HTTPS. - Google sign-in (if enabled): short-lived OAuth cookies (state, return path) for security and correct redirect; after completion,
customer-sessionstill represents your customer session. - Language: cookies store your locale so the site can show your chosen language on return visits.
Your controls
Clearing browser cookies or signing out ends the session on that device. Language cookies may be set again when you pick a language.
Chat assistant & AI
- Messages may be sent to an AI model provider (e.g. OpenAI) to generate replies.
- Conversation content may be stored on our systems (database we control) to continue threads, follow up, and operate the service.
- Do not paste unnecessary sensitive data (bank passwords, OTPs, etc.). Share phone/contact details only when you want the store to reach you.
Internal notifications (e.g. Telegram)
For operations, the system may send internal messages (e.g. via Telegram) for events such as new registrations, profile update requests, high-intent leads from the assistant, or similar. This is internal store workflow, not selling data for third-party ads.
Storage, hosting & security
- Application data is mainly stored in a database (e.g. MongoDB on cloud infrastructure) managed by us / our hosting provider.
- Passwords are hashed; we do not store plaintext passwords for authentication in the database.
- Admin access is separate from customer accounts and uses its own authentication.
Sharing with third parties
- AI providers (to process chat as required by the product).
- Infrastructure providers (hosting, database, email/SMS if used) — limited to what is needed to run the service.
- Google when you choose Google sign-in — under Google’s terms for the OAuth flow.
- Authorities when legally required.
Retention
We keep data as long as needed for the purposes above: accounts, orders, warranty, accounting/tax obligations, and reasonable operations (e.g. short-lived logs). If you ask for deletion / restriction where the law allows, we act within technical limits (some records may need minimal retention by law).
Your rights
- Access & update much of your data via Account; some sensitive changes may require a form request for staff verification.
- Sign out to end the session on a device.
- Complaints about processing: contact us — we will verify and respond where we can.
Privacy works best when you protect your password, do not share OTPs, and sign in only on trusted devices.
Minors
The service is intended for users aged 16+ (or the minimum age Vietnamese law requires for the relevant transaction). If you are a parent and believe a child submitted data, please contact us.
Changes
We may update this page for new features or legal requirements. The version on kinhmatdienbienphu.com is the one in effect; the original post date may remain in article metadata for reference.
Data controller & contact
| Entity | Hộ kinh doanh Mắt Kính Điện Biên (Kính Mắt Điện Biên Phủ) |
| Address | 529 Đường 3/2, Ward 9, District 10, Ho Chi Minh City, Vietnam |
| Phone | 0978038260 · Contact |
See more: shopping & policies
Before placing a deposit for the order lenses, read payment, delivery, returns, information security. Shopping guide and promotions (if any). Old glasses exchange for new helps save costs when eligible. Contact to confirm terms before finalizing the order. For order by prescription, keep confirmation message of lens code for reference when receiving goods. If there are promotions with conditions (time, applicable products), take a photo/note the terms at the time of ordering to avoid misunderstandings later between both parties.
Loading comments...
Leave a comment
Note: Comments are moderated before they appear. Please keep your comment respectful and appropriate.