Terms of Use for Credit Card Auto-Payment Service

This policy includes terms and conditions related to storing your credit card information on the Company’s system through automatic payment mechanism (tokenization), to perform automatic payment transactions when costs arise. Before registering for this service, please read carefully and confirm your agreement with all the terms below. Note: The credit card auto-payment service does not incur any additional costs or change the service fees you need to pay.

Explanation of Technology and Payment Process

Tokenization is an automated security process that encrypts the customer’s card number into a string of special characters (Token). Instead of directly storing your card information, our system only stores these Tokens, ensuring absolute security for your card information. In the event of a data breach, attackers cannot access your actual card data, as the Token codes stored in the system have no value to anyone other than the legitimate payment provider. When you register for the auto-payment service, this means you have agreed to allow the Company to store your card’s Token and use the Token to process your credit card information. You will only need to enter your credit card information once. After that, this information will be encrypted into a Token and stored on a secure platform that meets international standards for personal data protection. For subsequent transactions, the system will automatically use this Token to make payments without requiring you to re-enter card information.

Auto-Payment Operating Principles

The automatic payment process through tokenization operates according to the following principle: When costs arise from using the Company’s services, the system will automatically create a payment request and use the stored Token to perform the transaction through the payment gateway without requiring your direct participation. You will receive a notification each time a transaction is made, ensuring you are always aware of payment information. The application of this tokenization technology brings many practical benefits to you, especially enhancing security in online payments and making the payment process faster and more convenient, avoiding having to re-enter card information multiple times.

Rights and Responsibilities of Parties

Company’s Responsibilities

The Company commits to protecting your credit card information using the most advanced security measures. Your card information will be encrypted according to international security standards and only used for the purpose of paying for services you have registered for. The Company will notify you when performing any automatic payment transaction and provide complete transaction information after completion. The Company has achieved international certificates in security and quality management, including:

• ISO 27001:2013: is an international standard providing requirements for Information Security Management Systems (ISMS) to provide continuous security, integrity, and availability of information as well as legal compliance. ISO 27001 certification is necessary to protect an organization’s most important assets such as employee and customer information, brand image, and other personal information.
• ISO 27017:2015: Certificate for ensuring information security for cloud computing services.
• PCI-DSS (Payment Card Industry Data Security Standard): Certificate for payment card data security, ensuring that the Company complies with the strictest standards in processing and storing credit card information. During processing, the Company applies appropriate protection and security measures to control and prevent loss, destruction, or damage that may arise from data processing activities. The Company also commits not to share your card information with any third parties other than legally authorized payment service providers.

Customer’s Responsibilities

When registering for the auto-payment service, you need to ensure that the credit card information provided is accurate and legally owned by you. You are responsible for immediately notifying the Company if you detect any unauthorized transactions or when your card is lost, stolen, or there are changes to related information. You need to ensure the registered credit card has sufficient limit to pay for incurred fees. In case your credit card cannot make payment due to exceeding limit, expiration, or being blocked, you are still responsible for paying the fees incurred from using our services.

Security and Personal Data Processing

Information Protection Methods

All your credit card information will be encrypted into Tokens and stored on a secure system that meets international standards for personal data protection. The Company commits not to store original card information (full card number, CVV/CVC code) on the system after completing the tokenization process. This ensures that even if the system is breached, attackers cannot obtain your actual card information. The Company applies strict technical and management measures to protect your personal information from unauthorized access, use, or disclosure. These measures are periodically evaluated and updated to ensure the highest level of security for your data.

Purpose of Personal Data Processing

Your personal data, including encrypted card information, will only be processed to provide auto-payment services and services at Bizfly Cloud that you have registered for. The Company commits not to use this information for any other purpose without explicit consent from you. Organizations and individuals permitted to process your personal data include the Company and VNPT EPAY - a payment service provider that has been legally licensed to operate. In some necessary cases, information may be shared with competent state authorities according to current law regulations.

Service Registration and Cancellation Process

Service Registration

To register for the auto-payment service, you need to complete the following steps:

• Add a new card in the Credit Card Management section.
• Provide credit card information (card number, cardholder name, expiration date, CVV/CVC code) through VNPT EPAY’s payment gateway interface.
• Confirm agreement with the terms and conditions of service use.
• Complete the verification process required by the card-issuing bank (if any).

After completing the registration process, your card information will be encrypted into a Token and ready for automatic payment transactions.

Cancellation or Card Information Changes

You have the right to cancel the auto-payment service registration or change registered card information at any time. To perform these operations, you can:

• Ensure all invoices and payment recommendations have been fully paid.
• Access the Credit Card Management section.
• Select the card to cancel registration, choose Remove card.

Service cancellation will take effect immediately after you complete the cancellation process and receive confirmation from us.

Incident Handling and Dispute Resolution

Incident Handling Process

In case of detecting unauthorized transactions or any issues related to the auto-payment service, you need to notify us immediately through official support channels:

• Hotline: (024) 7302 8888 - (028) 7302 8888
• Email: sales@bizflycloud.vn

We commit to responding to complaints as soon as possible, typically within 3 working hours from receiving your notification. If unauthorized transactions are detected due to our system error, you will be fully refunded the deducted amount along with any related incurred costs (if any).

Dispute Resolution

Any disputes arising related to the use of auto-payment service will be resolved through negotiation between parties. In case resolution cannot be reached through negotiation, the dispute will be brought to competent authorities for resolution according to Vietnamese law.

General Terms

Terms Changes

We reserve the right to change these terms and conditions from time to time. Any changes will be notified to you via email or system notification at least 30 days before taking effect. Your continued use of the service after the changes take effect is considered as your agreement to those changes.

Applicable Law

These terms and conditions are governed and interpreted according to Vietnamese law. Any terms that conflict with current law regulations will automatically be adjusted to comply without affecting the validity of the remaining terms. By checking the “I agree to the terms and conditions” box and continuing the registration process, you confirm that you have read, fully understood, and agree to comply with all the terms and conditions stated above.