PRIVACY POLICY

Data Controller: JSArt Co., Ltd. (“we”, “us”, “our”)

Product/Service: LunaiWork

Effective Date: 01 December 2025

Scope: This policy applies to all websites and applications operated by us that reference this Privacy Policy.

1. Categories of Personal Data We Process

We may collect and process the following personal data:

Identity & contact information: full name, address, email, phone number, nationality
Career information: education, work experience, skills, certificates, profile photo, CV, attachments
Communication preferences & linked accounts: LINE/Zalo/WhatsApp/Email, social media IDs
Technical & usage data: IP address, device/browser information, cookies, log data, referral sources
Optional information: descriptions, preferences, lifestyle details (voluntary)

We do not request sensitive data such as religious beliefs, political opinions, or health data unless required by law.

2. Purposes and Legal Bases of Processing

We process your personal data only when GDPR provides a lawful basis:

2.1. Performance of a Contract (Art. 6(1)(b))

Creating and managing your account
Providing recruitment-related features and services
Processing job applications, screening, and communication with employers

2.2. Consent (Art. 6(1)(a))

Sending job opportunities, newsletters, promotional/event content
Participation in surveys or optional programs
Sharing your profile with external employers/partners beyond your direct application

You may withdraw consent at any time without affecting the lawfulness of prior processing.

2.3. Legal Obligation (Art. 6(1)(c))

Responding to lawful requests from authorities
Complying with accounting, tax, and data-protection requirements

2.4. Legitimate Interests (Art. 6(1)(f))

Ensuring system security and preventing fraud
Service improvement, analytics, and operational maintenance
Internal administrative purposes

We ensure that our legitimate interests do not override your rights and freedoms.

3. How We Share Personal Data

We do not sell your data. We may share it only in the following cases:

3.1. Employers & Recruitment Partners

When you apply for a role, we may share your application with the relevant employer/partner.
For other opportunities, sharing occurs only with your explicit consent.

3.2. Service Providers (Processors)

We use trusted third parties who process data under contract (DPA) and confidentiality obligations:

Cloud hosting & storage
Customer support tools
Analytics and measurement tools (e.g., Google Analytics, Meta Pixel)
Payment processors (if applicable)

3.3. Legal or Safety Requirements

We may disclose data when required by law or necessary to protect rights, safety, or property.

3.4. Business Transfers

In case of mergers, acquisitions, or restructuring, your data may be transferred under GDPR-compliant safeguards.

4. International Data Transfers

If personal data is transferred outside the EEA, we ensure adequate protection through:
European Commission adequacy decisions
Standard Contractual Clauses (SCCs)
Other GDPR-approved safeguards

You may request a copy of these safeguards.

5. Data Retention

We retain personal data only as long as necessary for:

The purposes described in Section 2
Legal compliance requirements
Protection of our legitimate interests

Typical retention:

Account & profile data: stored during service use; deleted/anonymized within 72 hours upon request
Technical logs & backups: retained up to 90 days
Application data shared with employers: subject to each employer’s retention policy

6. Your Rights Under GDPR

You have the following rights under GDPR. To exercise them, contact us at any time.

6.1. Right of Access

Request a copy of your personal data and information on how it is processed.

6.2. Right to Rectification

Request correction of inaccurate or incomplete data.

6.3. Right to Erasure (“Right to be Forgotten”)

Request deletion of your data when:

It is no longer necessary
You withdraw consent
You object to processing
Processing is unlawful

6.4. Right to Restrict Processing

Limit processing under certain conditions (e.g., accuracy disputes, pending objections).

6.5. Right to Data Portability

Receive your data in a structured, machine-readable format and request transfer to another controller.

6.6. Right to Object

Object to processing based on legitimate interests or direct marketing.

6.7. Right to Withdraw Consent

Withdraw consent at any time without affecting prior processing.

6.8. Right to Lodge a Complaint

You may file a complaint with your local Data Protection Authority (DPA).

7. Security Measures

We protect your data using industry-standard safeguards, including:

Encryption (SSL/TLS)
Access control and role-based permissions
Security monitoring and incident detection
Regular backups
ISO/IEC 27001-equivalent security practices

If a data breach occurs, we will notify affected individuals and authorities according to GDPR timelines.

8. Cookies and Tracking Technologies

We use cookies to:

Maintain login sessions
Remember preferences
Analyze user behavior
Improve performance and measure campaigns

You may disable cookies in your browser settings. Some features may not function correctly without cookies.

We delete any data collected from children under 13 without parental consent.

9. External Links

Our services may contain links to third-party websites or applications.

We are not responsible for their content, security, or privacy practices.

Please review their privacy policies before providing personal data.

10. Updates to This Policy

We may update this Privacy Policy to reflect changes in legal requirements or service operations.

Updated versions will be posted with a new effective date.

Material changes affecting your rights will be communicated in advance by email or system notification.

11. Contact Information

JSArt Co., Ltd.

Address: 2nd Floor, FLC Landmark Tower, Alley 60 Duong Khue Street,

My Dinh Ward, Nam Tu Liem District, Hanoi, Vietnam

Email: [email protected]

Hotline: +84 963 935 086

Chat with us!