NOSHBOX PRIVACY POLICY

 

Last Updated: October 2025

 

  1. INTRODUCTION

 

Welcome to Noshbox ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how Noshbox collects, uses, discloses, and safeguards your information when you use our mobile application and website (collectively, the "Platform").

Noshbox is operated by Noshbox Company Limited, located at 3rd Floor, 89 Dong Khoi, Sai Gon Ward, Ho Chi Minh City, Vietnam.

By using the Noshbox Platform, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Platform.

 

  1. INFORMATION WE COLLECT

 

We collect several types of information from and about users of our Platform:

 

2.1 Personal Information You Provide

Account Information:

  • Full name
  • Email address
  • Phone number
  • Password (encrypted)
  • Date of birth
  • Profile picture (optional)

Reservation Information:

  • Restaurant preferences
  • Party size
  • Special requests or dietary restrictions
  • Reservation history
  • Cuisine preferences

Payment Information:

  • Credit/debit card details (processed through secure third-party payment processors)
  • Billing address
  • Transaction history

Communications:

  • Messages sent through our Platform
  • Customer support inquiries
  • Feedback and reviews
  • Survey responses

 

2.2 Information Collected Automatically

Device Information:

  • Device type and model
  • Operating system and version
  • Unique device identifiers
  • Mobile network information
  • IP address

Usage Information:

  • Pages or screens viewed
  • Time spent on pages
  • Search queries
  • Restaurants browsed
  • Click patterns and navigation paths
  • Access times and dates

Location Information:

  • Precise geolocation (with your permission)
  • Approximate location based on IP address
  • Location preferences for restaurant searches

Cookies and Similar Technologies:

  • Cookie
  • Web beacon
  • Pixel tags
  • Local storage
  • Session identifiers

 

2.3 Information from Third Parties

Social Media:

  • If you connect your social media accounts (Facebook, Google, etc.), we may receive profile information such as name, email, profile picture, and friends list

Restaurant Partners:

  • Confirmation of reservations
  • Dining experience information
  • Special accommodations provided

Analytics Providers:

  • Aggregated usage statistics
  • Performance metrics

 

  1. HOW WE USE YOUR INFORMATION

 

We use the information we collect for the following purposes:

 

3.1 Provide and Improve Our Services

  • Create and manage your account
  • Process and confirm restaurant reservations
  • Send booking confirmations and reminders
  • Facilitate communication between you and restaurants
  • Provide customer support
  • Personalize your experience
  • Improve Platform functionality and user experience
  • Develop new features and services

 

3.2 Communications

  • Send transactional emails and notifications
  • Provide updates about your reservations
  • Respond to your inquiries and requests
  • Send promotional offers and marketing communications (with your consent)
  • Conduct surveys and collect feedback

 

3.3 Safety and Securit

  • Verify your identity
  • Detect and prevent fraud
  • Protect against unauthorized access
  • Enforce our Terms and Conditions
  • Comply with legal obligations
  • Resolve disputes

 

3.4 Analytics and Research

  • Analyze usage patterns and trends
  • Measure Platform performance
  • Conduct market research
  • Generate aggregated statistics (anonymized)

 

3.5 Legal Compliance

  • Comply with applicable laws and regulations
  • Respond to legal requests and court orders
  • Protect our rights and property
  • Enforce our agreements

 

  1. HOW WE SHARE YOUR INFORMATION

 

We do not sell your personal information. We may share your information in the following circumstances:

 

4.1 With Restaurant Partners

  • Name, phone number, and party size for reservation purposes
  • Special requests or dietary restrictions
  • Reservation details and timing
  • Dining history

 

4.2 Service Providers

We share information with third-party service providers who perform services on our behalf:

  • Payment processors (for secure payment transactions)
  • Cloud hosting providers (for data storage)
  • Analytics providers (for usage analysis)
  • Customer support platforms
  • Email and SMS service providers
  • Marketing and advertising partners

 

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity.

 

4.4 Legal Requirements

We may disclose your information if required by law or in response to:

  • Court orders or subpoenas
  • Government or regulatory requests
  • Legal proceedings
  • Protection of our rights, property, or safety
  • Prevention of fraud or illegal activities

 

4.5 With Your Consent

We may share your information with third parties when you give us explicit consent to do so.

 

4.6 Aggregated or Anonymized Data

We may share aggregated or anonymized information that cannot identify you personally with:

  • Restaurant partners (for analytics and insights)
  • Business partners
  • Researchers
  • The public

 

  1. DATA RETENTION

 

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Account Information: Retained while your account is active and for a reasonable period thereafter for legal and business purposes.

Reservation History: Retained for up to 1 year (may be extended) for analytics and customer service purposes.

Payment Information: Retained as required by financial regulations and tax laws.

Communications: Retained for customer service and legal compliance purposes.

Marketing Data: Retained until you withdraw consent or request deletion.

When we no longer need your information, we will securely delete or anonymize it.

 

  1. YOUR RIGHTS AND CHOICES

 

You have the following rights regarding your personal information:

 

6.1 Access and Portability

  • Request access to your personal information
  • Receive a copy of your data in a structured, machine-readable format

 

6.2 Correction and Update

  • Update or correct inaccurate information
  • Complete incomplete information

 

6.3 Deletion

  • Request deletion of your personal information (subject to legal obligations)
  • Close your account

 

6.4 Restriction and Objection

  • Restrict processing of your information
  • Object to processing based on legitimate interests
  • Opt out of marketing communications

 

6.5 Withdraw Consent

  • Withdraw consent for data processing at any time (where consent is the legal basis)

 

6.6 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

  • Email: privacy@noshbox.vn
  • n-app: Settings > Privacy > Data Rights Request
  • Noshbox Company Limited, 3rd Floor, 89 Dong Khoi, Sai Gon Ward, Ho Chi Minh City, Vietnam

We will respond to your request within thirty (30) days.

 

  1. COOKIES AND TRACKING TECHNOLOGIES

 

7.1 What Are Cookies?

Cookies are small text files stored on your device that help us recognize you and remember your preferences.

 

7.2 Types of Cookies We Use

Essential Cookies:

  • Required for Platform functionality
  • Enable account login and security features
  • Cannot be disabled

Performance Cookies:

  • Collect information about how you use our Platform
  • Help us improve performance and user experience

Functional Cookies:

  • Remember your preferences and settings
  • Provide personalized features

Advertising Cookies:

  • Deliver relevant advertisements
  • Measure advertising effectiveness
  • Track conversions

 

7.3 Managing Cookies

Web Browser:

  • Adjust your browser settings to refuse cookies
  • Delete existing cookies
  • Note: Disabling cookies may limit Platform functionality

Mobile App:

  • Adjust settings in your device's privacy settings
  • Opt out of personalized advertising in app settings

Third-Party Cookies:

 

  1. DATA SECURITY

 

We implement appropriate technical and organizational measures to protect your personal information:

Technical Measures:

  • Encryption of data in transit (SSL/TLS)
  • Encryption of sensitive data at rest
  • Secure authentication and password protection
  • Regular security assessments and penetration testing
  • Firewalls and intrusion detection systems

Organizational Measures:

  • Access controls and role-based permissions
  • Employee training on data protection
  • Confidentiality agreements with staff and vendors
  • Incident response procedures
  • Regular security audits

Payment Security:

  • PCI-DSS compliant payment processing
  • We do not store complete credit card information
  • Tokenization of payment data

Despite our efforts, no security system is completely secure. We cannot guarantee absolute security of your information.

 

  1. CHILDREN'S PRIVACY

 

Noshbox is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@noshbox.vn, and we will delete such information promptly.

 

  1. INTERNATIONAL DATA TRANSFERS

 

Your information may be transferred to and processed in countries other than Vietnam, including Singapore, where our technology partner Mobilio Asia Pte Ltd is located.

When we transfer your information internationally, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses
  • Data processing agreements
  • Security measures to protect your data

 

  1. THIRD-PARTY LINKS AND SERVICES

 

Our Platform may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to third-party services.

We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you access.

Third-Party Services We May Use:

  • Social media platforms (Facebook, Instagram, Google, Zalo)
  • Payment processors (local payment gateways, international processors)
  • Analytics providers (Google Analytics, Firebase)
  • Map services (Google Maps)
  • Communication platforms

 

  1. MARKETING AND COMMUNICATIONS

 

12.1 Marketing Messages

With your consent, we may send you promotional messages about:

  • New restaurant partners
  • Special offers and discounts
  • Platform updates and features
  • Personalized recommendations

 

12.2 Opt-Out Options

You can opt out of marketing communications at any time:

  • Click "Unsubscribe" in any marketing email or SMS
  • Adjust preferences in your account settings
  • Contact us at privacy@noshbox.vn

Note: You cannot opt out of transactional messages (reservation confirmations, account notifications, security alerts, etc.).

 

12.3 Push Notifications

You can control push notifications through:

  • Your device settings
  • In-app notification preferences

 

  1. VIETNAM DATA PROTECTION

 

We comply with Vietnam's Personal Data Protection Decree No. 13/2023/ND-CP and related regulations.

Your Rights Under Vietnamese Law:

  • Right to be informed about data processing
  • Right to consent to data collection and use
  • Right to access your personal data
  • Right to request correction or deletion
  • Right to withdraw consent
  • Right to request restriction of processing
  • Right to data portability
  • Right to file complaints with authorities

Data Processing Principles: Chúng tôi xử lý dữ liệu cá nhân của bạn theo các nguyên tắc sau:

  • Lawfulness and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Security and confidentiality

Data Localization: In compliance with Vietnamese regulations, certain categories of personal data are stored on servers located in Vietnam. This includes:

  • User account information
  • Reservation records
  • Payment transaction data
  • Communications with customer support

Consent: We obtain your explicit consent before:

  • Collecting and processing sensitive personal data
  • Sharing your data with third parties (except as required by law or for service provision)
  • Sending marketing communications
  • Using your data for purposes beyond the original collection purpose

Cross-Border Data Transfer: When we transfer your data outside of Vietnam (such as to our technology partner in Singapore), we ensure:

  • Adequate protection measures are in place
  • Compliance with Vietnamese data protection laws
  • Your rights remain protected

Data Breach Notification: In the event of a data breach that may affect your rights and interests, we will:

  • Notify relevant Vietnamese authorities within 72 hours of discovery
  • Inform affected users promptly
  • Take immediate steps to mitigate harm
  • Implement measures to prevent future breaches

Contact for Vietnamese Data Protection Matters: For questions or complaints regarding data protection under Vietnamese law, contact:

You may also file a complaint with the relevant Vietnamese data protection authority.

 

  1. CHANGES TO THIS PRIVACY POLICY

 

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notice of Changes:

  • We will post the updated Privacy Policy on our Platform
  • We will update the "Last Updated" date
  • For material changes, we will provide prominent notice through:
    • Email notification
    • In-app notification or banner
    • SMS notification (for significant changes)

Your Continued Use: Your continued use of the Platform after changes become effective constitutes acceptance of the updated Privacy Policy.

Review Period: For material changes, we may provide a review period before the changes take effect, allowing you to review and decide whether to continue using our services.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

 

  1. CONTACT US

 

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Noshbox Company Limited

General Inquiries:

Email: contact@noshbox.vn

Privacy Matters:

Email: privacy@noshbox.vn

Data Protection Officer: dpo@noshbox.vn

Mailing Address:

Noshbox Company Limited

Noshbox Company Limited

Sai Gon Ward, Ho Chi Minh City

Thành phố Hồ Chí Minh

Vietnam

Response Time:

We aim to respond to all inquiries within thirty (30) days. For urgent privacy matters, please mark your communication as "Urgent" and we will prioritize your request.

Languages:

We can respond to inquiries in Vietnamese and English.

 

  1. CONSENT AND ACKNOWLEDGMENT

 

By using the Noshbox Platform, you acknowledge that:

  • You have read and understood this Privacy Policy
  • You consent to the collection, use, and disclosure of your information as described herein
  • You understand your rights regarding your personal data
  • You agree to the terms of data processing outlined in this policy

For certain processing activities, we will seek your explicit consent through:

  • Opt-in checkboxes during registration
  • In-app consent prompts
  • Email or SMS confirmation

You may withdraw your consent at any time by:

  • Adjusting your account settings
  • Contact us at privacy@noshbox.vn
  • Using the opt-out mechanisms provided in communications Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

 

  1. DEFINITIONS

 

For the purposes of this Privacy Policy:

"Personal Information" or "Personal Data" means any information relating to an identified or identifiable natural person, including but not limited to name, identification number, location data, online identifier, or factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.

"Processing" means any operation or set of operations performed on personal data, including collection, recording, organization, structuring, storage, adaptation, retrieval, use, disclosure, erasure, or destruction. "Controller" means Noshbox Company Limited, which determines the purposes and means of processing personal data.

"Controller" means Noshbox Company Limited, which determines the purposes and means of processing personal data.

"Processor" means any third party that processes personal data on behalf of the Controller.

"Consent" means any freely given, specific, informed, and unambiguous indication of your wishes by which you signify agreement to the processing of your personal data.

"Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.

"Third Party" means any natural or legal person, public authority, agency, or body other than you, Noshbox, or our processors.

 

  1. SPECIFIC PROVISIONS FOR SENSITIVE DATA

 

Sensitive Personal Data includes information about:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Health data
  • Biometric data for identification purposes
  • Sexual orientation
  • Criminal records

Collection and Use: We do not routinely collect sensitive personal data. If we need to collect such data for specific purposes (e.g., dietary restrictions for religious or health reasons), we will:

  • Obtain your explicit consent
  • Clearly explain why we need this information
  • Use it only for the specified purpose
  • Implement additional security measures
  • Limit access to authorized personnel only

Your Rights: You have the right to:

  • Refuse to provide sensitive personal data
  • Withdraw consent at any time
  • Request deletion of sensitive data

 

  1. AUTOMATED DECISION-MAKING AND PROFILING

 

Automated Decision-Making: We may use automated systems to:

  • Recommend restaurants based on your preferences and history
  • Personalize search results
  • Detect fraudulent activities
  • Optimize platform performance

Profiling: We may create user profiles based on:

  • Dining preferences and history
  • Search patterns
  • Location preferences
  • Cuisine preferences

Your Rights: You have the right to:

  • Request human review of automated decisions
  • Express your point of view
  • Contest automated decisions that significantly affect you

 

  1. UPDATES TO CONTACT INFORMATION

 

It is your responsibility to ensure that your contact information (email address, phone number) is accurate and up to date. If your contact information changes:

  • Update it immediately in your account settings
  • Contact us if you cannot access your account
  • Notify us if you no longer have access to your registered email or phone number
  • We are not responsible for failed communications due to outdated contact information.

 

  1. CONTACT US

 

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Noshbox Company Limited

General Inquiries:

Email: contact@noshbox.vn

Privacy Matters:

Email: privacy@noshbox.vn

Data Protection Officer: dpo@noshbox.vn

Mailing Address:

Noshbox Company Limited

Noshbox Company Limited

Sai Gon Ward, Ho Chi Minh City

Thành phố Hồ Chí Minh

Vietnam

Response Time:

We aim to respond to all inquiries within thirty (30) days. For urgent privacy matters, please mark your communication as "Urgent" and we will prioritize your request.

Languages:

We can respond to inquiries in Vietnamese and English.

 

  1. CONSENT AND ACKNOWLEDGMENT

 

By using the Noshbox Platform, you acknowledge that:

  • You have read and understood this Privacy Policy
  • You consent to the collection, use, and disclosure of your information as described herein
  • You understand your rights regarding your personal data
  • You agree to the terms of data processing outlined in this policy
  • For certain processing activities, we will seek your explicit consent through:
  • Opt-in checkboxes during registration
  • In-app consent prompts
  • Email or SMS confirmation
  • You may withdraw your consent at any time by:
  • Adjusting your account settings
  • Contact us at privacy@noshbox.vn
  • Using the opt-out mechanisms provided in communications Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
  • Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

 

  1. DEFINITIONS
  • For the purposes of this Privacy Policy:
  • "Personal Information" or "Personal Data" means any information relating to an identified or identifiable natural person, including but not limited to name, identification number, location data, online identifier, or factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.
  • "Processing" means any operation or set of operations performed on personal data, including collection, recording, organization, structuring, storage, adaptation, retrieval, use, disclosure, erasure, or destruction. "Controller" means Noshbox Company Limited, which determines the purposes and means of processing personal data.
  • "Controller" means Noshbox Company Limited, which determines the purposes and means of processing personal data.
  • "Processor" means any third party that processes personal data on behalf of the Controller.
  • "Consent" means any freely given, specific, informed, and unambiguous indication of your wishes by which you signify agreement to the processing of your personal data.
  • "Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.
  • "Third Party" means any natural or legal person, public authority, agency, or body other than you, Noshbox, or our processors.

 

  1. SPECIFIC PROVISIONS FOR SENSITIVE DATA

 

Sensitive Personal Data includes information about:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Health data
  • Biometric data for identification purposes
  • Sexual orientation
  • Criminal records
  • Collection and Use: We do not routinely collect sensitive personal data. If we need to collect such data for specific purposes (e.g., dietary restrictions for religious or health reasons), we will:
  • Obtain your explicit consent
  • Clearly explain why we need this information
  • Use it only for the specified purpose
  • Implement additional security measures
  • Limit access to authorized personnel only
  • Your Rights: You have the right to:
  • Refuse to provide sensitive personal data
  • Withdraw consent at any time
  • Request deletion of sensitive data

 

  1. AUTOMATED DECISION-MAKING AND PROFILING

 

Automated Decision-Making: We may use automated systems to:

  • Recommend restaurants based on your preferences and history
  • Personalize search results
  • Detect fraudulent activities
  • Optimize platform performance

Profiling: We may create user profiles based on:

  • Dining preferences and history
  • Search patterns
  • Location preferences
  • Cuisine preferences

Your Rights: You have the right to:

  • Request human review of automated decisions
  • Express your point of view
  • Contest automated decisions that significantly affect you

 

  1. UPDATES TO CONTACT INFORMATION

 

It is your responsibility to ensure that your contact information (email address, phone number) is accurate and up to date. If your contact information changes:

  • Update it immediately in your account settings
  • Contact us if you cannot access your account
  • Notify us if you no longer have access to your registered email or phone number
  • We are not responsible for failed communications due to outdated contact information.

 

  1. DATA SUBJECT REQUESTS

 

How to Submit a Request: To exercise your data protection rights, you may submit a request:

Information Required: To process your request, please provide:

  • Your full name
  • Registered email address or phone number
  • Account username (if applicable)
  • Specific details of your request
  • Proof of identity (for security purposes)

Verification Process: For your security, we will verify your identity before processing requests. We may ask for:

  • Additional identification documents
  • Answers to security questions
  • Verification code sent to your registered email or phone

Response Time:

  • We will acknowledge receipt of your request within 5 business days
  • We will respond to your request within 30 days
  • If we need more time (complex requests), we will notify you and explain the delay

Free of Charge: We will process your first request free of charge. For subsequent repetitive or manifestly unfounded requests, we may charge a reasonable administrative fee.

 

  1. COMPLAINTS AND DISPUTE RESOLUTION

 

Internal Complaints: If you have concerns about how we handle your personal data:

  • Contact our Data Protection Officer at dpo@noshbox.vn
  • We will investigate your complaint within 15 business days
  • We will provide a written response explaining our findings and any corrective actions

Escalation: If you are not satisfied with our response:

  • You may escalate to our senior management at contact@noshbox.vn
  • We will conduct a secondary review within 15 business days Mediation: Before pursuing legal action, we encourage parties to attempt mediation to resolve disputes amicably.

Mediation: Before pursuing legal action, we encourage parties to attempt mediation to resolve disputes amicably.

 

  1. ACKNOWLEDGMENT AND ACCEPTANCE

 

By clicking "I Accept," creating an account, or using the Noshbox Platform, you acknowledge that:

  • You have read this Privacy Policy in its entirety
  • You understand how we collect, use, and share your personal information
  • You understand your rights regarding your personal data
  • You consent to our data processing practices as described
  • You are at least 13 years of age (or the applicable age of digital consent in your jurisdiction)
  • The information you provide is accurate and complete
  • You will update your information when it changes
  • You understand that you can withdraw consent or exercise your rights at any time

For Vietnamese Users: By using Noshbox, you specifically consent to the processing of your personal data in accordance with Vietnam's Personal Data Protection Decree No. 13/2023/ND-CP.

 

END OF PRIVACY POLICY