Privacy Policy and Terms of Use

Thank you for trusting SonMani. We are committed to protecting the personal data you provide using appropriate measures, to the highest reasonable extent within SonMani's ability. This Privacy Policy describes how we collect, use and protect personal data, as well as the conditions of use for the website, application and content provided by SonMani.

By continuing to use the service, you confirm that you have read, understood and agreed to the contents of our Privacy Policy and Terms of Use.

PART A – PRIVACY POLICY

1. Scope of application

This policy applies to:

• The website and the pages/sub-pages under the SonMani domain (sonmani.vn).
• The Mālā application and related features.
• The official contact channels announced by SonMani (contact form, email, notifications, etc.).

This policy does not apply to third-party websites/services that SonMani links to or embeds content from (such as videos from YouTube). When you interact with third-party content or links, data may be collected under their own policies; SonMani does not control and is not responsible for the data processing of those parties.

2. Definitions and roles

“Service” means all products, features and content provided or operated by SonMani, including (but not limited to) the SonMani website, the Mālā application, related pages and features, and the user support or care channels managed by SonMani.

“Personal data” means information that is linked to or helps identify an individual under the laws of Vietnam.

“Data processing” means any operation performed on data (collection, recording, storage, retrieval, modification, sharing, deletion, anonymization, etc.).

“Data subject/User” means a person who visits the website or registers for/uses the Mālā application.

“SonMani/We” means the entity operating the Service. Depending on the specific activity, SonMani may be the data controller and/or the data controller-and-processor as defined by the regulations.

“Service provider” means a third party that provides technical infrastructure (website platform, cloud servers, database, email, notifications, analytics, etc.).

3. Legal basis and processing principles

This policy is built and operated on the basis of compliance with the laws of Vietnam on personal data protection, cybersecurity and related regulations, including:

• Law on Personal Data Protection No. 91/2025/QH15 (applied according to its scope of regulation).
• Decree No. 356/2025/NĐ-CP detailing a number of articles and measures for implementing the Law on Personal Data Protection.
• Law on Cybersecurity No. 24/2018/QH14 (applicable through 30/06/2026) and its implementing documents; and Law on Cybersecurity No. 116/2025/QH15 (effective from 01/07/2026) together with its implementing documents, applied according to their scope of regulation and effective dates.
• The Law on Intellectual Property and related regulations, to the extent the Service contains content, images, articles or materials cited from various sources.

SonMani's data processing principles include: lawfulness, transparency, purpose limitation and data minimization. Accordingly, SonMani collects only the necessary information, uses it only within the stated purposes, and prioritizes measures to safeguard your security and privacy within reasonable technical and operational limits.

4. Data we collect

Depending on how you use the Service and your choices, SonMani may collect and process the following groups of data. However, we always avoid collecting data beyond what a feature needs.

4.1. Data you actively provide

SonMani may receive data when you voluntarily provide it, for example contact information to respond to a request; information necessary to create and maintain an account; or data or content you enter so the Service can perform the function you request.

4.2. Data collected automatically

When you access the website and application, the system may record technical data and operational logs to ensure operation, security and service quality. Such data may include browser information, access times, technical events, system logs, etc. This data may be used in aggregated or de-identified form where appropriate. In certain specific cases, such as incident or cybersecurity investigations, the data may be used for tracing pursuant to a lawful request.

4.3. Cookies and similar technologies

The Service may use cookies and similar technologies for the following purposes:

• Essential cookies: necessary for the Service to function (for example: maintaining the login session, security, load balancing).
• Analytics/measurement cookies: help understand how users use the Service in order to improve performance and experience (usually in statistical/aggregated form).

You can manage cookies through your browser settings. Disabling cookies may cause some features to work unstably or become limited.

5. Purposes and legal basis for processing data

SonMani processes personal data primarily to:

• Provide and operate the Service (authentication, maintaining accounts/active sessions, providing features, responding to support).
• Improve the experience and quality of the Service (evaluating performance, fixing errors, developing features).
• Ensure security, prevent fraud/abuse, and protect the system and users.
• Comply with legal obligations and respond to lawful requests from competent authorities (if any).

The basis for processing may include: your consent (where applicable), the necessity to provide the Service at your request, legal obligations, or SonMani's legitimate interest in protecting the security and operation of the Service, to the extent permitted by law.

6. Consent and withdrawal of consent

In cases where the law requires consent, SonMani will ask you to express consent through an active, clearly recognizable and demonstrable action. You have the right to withdraw your consent at any time by contacting SonMani. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal; however, some features may not work if the related data is necessary for that feature.

7. Data sharing and service providers

SonMani does not sell or rent your personal data. We only share data to the extent necessary, including:

• Technical infrastructure providers that process data on behalf of SonMani to operate the Service (under a contract/confidentiality undertaking and only according to SonMani's instructions).
• Third parties when you request or actively use their integrated feature/link (in which case the third party's policy applies).
• Competent state authorities upon a lawful request as prescribed.

When working with service providers, SonMani requires appropriate security measures, purpose limitation, limitation of the scope of data needed, and/or appropriate data lifecycle management mechanisms (including deletion, return, anonymization or restriction of processing where appropriate and technically feasible), in accordance with the law.

Due to the operating nature of providers, data may be stored/processed on servers located outside the territory of Vietnam and/or in various regions at different times. Storage/processing of data abroad (if any) is carried out to operate the Service, ensure security, back up/restore, and maintain system quality. SonMani applies reasonable protective measures (such as access control, authorization, backups, and other technical/organizational measures commensurate with the risk) and requires service providers to apply corresponding security undertakings within SonMani's scope of control.

8. Retention period

SonMani retains data throughout the time you maintain an account, use the Service, and/or throughout the time the Service remains in operation, unless the law requires a longer retention period.

Technical data (system logs, security data, backup/restore copies) may be retained for an additional reasonable period to ensure operation, prevent fraud/abuse, maintain security and resolve incidents.

Due to technical characteristics and backup mechanisms, SonMani cannot guarantee that all data will be deleted immediately or completely removed from all backups/logs. When you request deletion, SonMani will receive and assess it within an appropriate scope; where complete deletion is not possible, SonMani may apply alternative measures such as removal from the account, restriction of access/processing, and/or de-identification/anonymization where appropriate and to the extent permitted by law.

9. Rights of the data subject and how to exercise them

You have rights over your personal data under the law, including the right to be informed, the right of access, the right to rectification, the right to restrict/object to processing, and other rights (within an appropriate scope).

How to exercise your rights:

• Send a request via the official contact email.
• Provide the information necessary for SonMani to verify your identity and the scope of the request.

SonMani receives and handles requests within the statutory time limits and procedures; where additional time is needed due to complexity, we will give appropriate notice.

In certain cases, SonMani has the right to refuse or limit the exercise of a right where the law permits (for example: to comply with a legal obligation, protect security, or protect the legitimate rights and interests of another party).

10. Cybersecurity, prevention and handling of violations

SonMani applies reasonable technical and organizational measures to protect the Service and data from unauthorized access, loss, misuse, alteration, disclosure or destruction. However, no system is absolutely secure; therefore SonMani cannot guarantee that the Service will be completely immune to all cybersecurity risks.

10.1 Protective measures implemented by SonMani

Depending on the scope of operation and the level of risk, SonMani may apply one or more of the following measures:

• Access control and authorization for systems, databases and administrative tools; limiting permissions according to job needs.
• Protecting the data transmission line with encrypted connections/HTTPS where available, reducing the risk of eavesdropping or interception in transit.
• Backup and recovery at a reasonable level to minimize impact when a system error or incident occurs.
• Updates, patching and risk management: maintaining reasonable updates for system components, libraries and security configurations.
• Anti-abuse measures: mechanisms to limit, block, or disable behavior suspected of fraud/abuse (including scraping, automated attacks, and probing).

10.2 User responsibilities

You are responsible for protecting your account and devices, including:

• Keeping your login credentials confidential; not sharing your account for unauthorized use by others.
• Setting a sufficiently strong password; logging out of public or shared devices.
• Notifying SonMani as soon as you suspect your account has been compromised, accessed without authorization, or shows unusual activity.
• Not engaging in conduct prohibited under the Terms, including but not limited to interfering with the system, exploiting vulnerabilities, distributing malware, or collecting data without authorization.

10.3 System logs and technical data

To operate, ensure security and resolve incidents, SonMani may collect/store system logs and technical data (for example: access times, IP addresses, device/browser information, error events, access traces) within a necessary and reasonable scope.

System logs may be used to:

• Detect, prevent and investigate fraud/abuse;
• Analyze, fix errors and optimize performance;
• Respond to lawful requests from competent authorities as prescribed by law.

10.4 Security incident handling and notification

When a cybersecurity/data security incident occurs or is suspected, SonMani may take one or more of the following measures:

• Activate the incident response process (isolating the affected system, controlling access, changing keys/credentials when necessary);
• Assess the scope of impact, the types of data involved, the cause and remedial measures;
• Restore the service from backups/contingency solutions (where appropriate);
• Coordinate with infrastructure/technical providers and/or competent authorities when necessary;
• Apply measures to reduce the risk of recurrence.

Where an incident falls within the category requiring notification under the law on personal data protection, SonMani will notify the specialized personal data protection authority no later than 72 hours from detection (to the extent and under the conditions required by law).

SonMani may also notify affected users through available contact channels when it assesses that the incident is likely to pose a significant risk to users' legitimate rights and interests, or where the law so requires.

10.5 Limitation and exclusion of liability

SonMani is not responsible for damages arising from causes beyond its reasonable control, including but not limited to:

• Incidents caused by errors/insecurity on the part of the user's device, network, browser or operating system;
• Account takeover resulting from the user disclosing login credentials or using a weak password;
• Sophisticated/zero-day attacks, large-scale incidents from infrastructure/transmission providers, or force majeure events.

10.6 Incident reporting contact

If you discover a security vulnerability, suspect unauthorized access, or need urgent assistance related to account/data safety, please contact us using the information in Section 12 (Contact).

11. Changes to the Policy

SonMani may update this Policy to reflect changes in law or in the operation of the Service. When there is a significant change, we will give notice on the website/application or through an appropriate contact channel. The new version takes effect from the time of publication, unless stated otherwise.

12. Contact

For any questions or requests related to privacy, please contact us at our official email: om@sonmani.vn

PART B – TERMS OF USE

1. Acceptance of the Terms

By accessing or using the Service, you agree to comply with these Terms. If you do not agree, please do not use the Service. SonMani may update the Terms from time to time; your continued use after the Terms are updated means you accept the updated content.

2. Conditions of use and accounts

You must have full legal capacity as required to use the Service; if you are under 18 years of age, you need the supervision/consent of a parent or legal guardian.

If the Service has accounts, you are responsible for securing your login credentials and all activity arising from your account. You must provide accurate information to the extent necessary and update it when it changes.

3. Intellectual property and use of content

The content on the Service (articles, images, graphics, designs, data, and source code to the extent published, etc.) is owned by SonMani or used lawfully under license. You may access, read and share links for personal/non-commercial purposes. Copying, republishing, distributing, modifying or commercially exploiting the content requires the written permission of SonMani and/or the relevant rights holder.

Some materials and images may belong to third parties (museums/organizations/individuals). SonMani always endeavors to credit the source where appropriate; users are responsible for complying with the rights holder's conditions of use when they wish to reuse them.

4. Prohibited conduct and rules of use

You may not use the Service to carry out or support acts that violate the law or infringe the rights of others, including but not limited to:

• Unauthorized intrusion, probing for vulnerabilities, cyberattacks, distributing malware, causing disruption or degrading system safety.
• Impersonation, fraud, or the unauthorized collection/use of another person's data or login credentials.
• Posting, transmitting or storing content that violates the law, infringes privacy or intellectual property rights, or harms the community.
• Large-scale automated data extraction (scraping/data mining) or sending spam/unsolicited advertising.

SonMani may apply appropriate measures (warnings, feature restrictions, account suspension, removing/blocking content, reporting/cooperating upon a lawful request) to protect users and the system.

5. User-provided content

If the Service allows you to submit and post content, you are responsible for that content and undertake that you have the lawful right to provide it. SonMani has the right to moderate, remove or restrict the display of content that violates the Terms or upon a lawful request. To the extent necessary to operate the Service, you grant SonMani the right to use the content in the technically necessary ways (such as storing and displaying it).

6. Third-party links and services

The Service may contain links to or embedded content from third parties. SonMani is not responsible for the content, policies or activities of those third parties. You use third-party services/links at your own risk.

7. Disclaimer of warranties

The Service is provided on an as-is basis. To the extent permitted by law, SonMani does not warrant that the Service will always be error-free, uninterrupted, or meet every specific expectation. The content is for reference; you should evaluate it yourself and cross-check sources in important situations.

8. Limitation of liability

To the extent permitted by law, SonMani is not responsible for indirect, consequential or incidental damages or losses arising from your use of, or inability to use, the Service. SonMani is also not responsible for force majeure events or incidents beyond its reasonable control (for example, infrastructure failures, third-party attacks, natural disasters or war).

9. Indemnification

You agree to indemnify and hold SonMani harmless from claims, losses or expenses arising from your breach of the Terms or violation of related laws when using the Service.

10. Changing, suspending or terminating the Service

SonMani may change, suspend or terminate part or all of the Service when necessary, including (without limitation) maintenance, upgrades, a change of direction, or legal requirements. We will endeavor to give advance notice of significant changes, to a reasonable extent.

11. Governing law and dispute resolution

These Terms are governed by the laws of Vietnam. Disputes (if any) are to be resolved first by negotiation and mediation; if no agreement is reached, the dispute will be resolved at a competent court in Vietnam.

12. General provisions

If any provision is declared invalid, the remaining provisions remain in effect. SonMani's failure to enforce a right at a given time shall not be deemed a waiver of that right.

13. Effectiveness

This document takes effect from 01/01/2026.