Privacy Policy
Last Updated: April 18, 2026
1. Introduction
This Privacy Policy describes how BMC Group ("we," "us," "our," or "Company") collects, uses, and protects information when you use the BMC Employee Utility mobile application (the "App"), available on iOS and Android platforms.
We are committed to protecting your privacy. This policy explains what personal information we collect, why we collect it, and how we use it.
Company Name: BMC Group
Contact Email: hcns.bmcgroup@gmail.com
2. What Information We Collect
We collect the following categories of information to operate the App:
2.1 Employee Account Information
When you create or access your account, we collect:
- Employee ID (as provided by your employer)
- Username or email address used for login
- Password (stored securely, never visible to us after it is initially set)
- Full name and department (if provided by your employer)
- Device information used for session management
2.2 Session and Authentication Data
To maintain secure access:
- Authentication tokens (temporary credentials for app sessions)
- Device identifier (unique ID generated on your device to enforce single-session access)
- Login timestamps and account activity logs (for security auditing)
- IP addresses from which you access the app
2.3 App Usage Data
To provide the services you request:
- Meal registration choices and dates
- Gate access requests and associated workflow data
- Request status updates and approval history
- Feature flag and module configuration state
2.4 Device Data (Optional)
If you enable push notifications:
- Device push notification token (required to send notifications)
- Device type (iOS/Android) and OS version
- Device name (for user identification across devices)
2.5 Technical and Security Logs
To maintain system security and troubleshoot issues:
- API request logs (endpoints accessed, timestamps)
- Authentication attempt logs (successful and failed)
- Error logs necessary for debugging and security investigation
- Session activity logs (for fraud detection and account security)
We do NOT collect:
- Location data
- Camera or photo library access
- Contacts or address book
- Biometric data
- Health or medical information
- Call history or SMS content
- Precise geolocation
3. How We Use Your Information
We use collected information only for the following purposes:
3.1 Service Operation
- Authenticating your identity and maintaining secure sessions
- Processing your meal registration requests and maintaining history
- Managing gate access requests and approval workflows
- Delivering notifications (if enabled)
- Enforcing single-session policy to prevent unauthorized access
3.2 Security and Fraud Prevention
- Detecting and preventing unauthorized access
- Monitoring for suspicious account activity
- Investigating security incidents
- Maintaining system integrity and protecting against attacks
3.3 System Maintenance
- Debugging technical issues
- Improving app performance and reliability
- Testing new features and modules
- Monitoring system health and uptime
3.4 Legal and Regulatory Compliance
- Complying with internal audit requirements
- Responding to authorized legal requests
- Maintaining records required by applicable law
We do NOT use your information for:
- Marketing or promotional purposes
- Selling or trading personal data
- Profiling or behavioral targeting
- Third-party advertising
4. Data Sharing
We do NOT share your personal information with third parties, except:
4.1 Internal Authorized Personnel
- Company administrators (for account management and support)
- Security team (for investigating security incidents)
- IT operations (for system troubleshooting)
4.2 Legal Requirements
- When required by law, court order, or government request
- When necessary to protect Company assets or security
- To prevent fraud or criminal activity
4.3 Service Providers (If Applicable)
If the App relies on third-party cloud infrastructure:
- Cloud hosting provider (data processing only, no data use)
- We maintain data processing agreements requiring data protection
5. Data Retention
5.1 Active Account Data
- Account information: retained for the duration of employment + 1 year after termination
- Meal registration data: retained for current year + 2 prior years
- Gate request data: retained for current year + 2 prior years
5.2 Security Logs
- Authentication logs: 90 days
- API access logs: 30 days
- Device tokens: retained until app uninstall or account deletion
5.3 Backup and Archive
- Backup copies may be retained for up to 30 days after deletion
- We do not retain archived data beyond legal/compliance requirements
6. Security Measures
We implement industry-standard security practices:
6.1 In Transit
- All data transmitted to/from the App uses HTTPS encryption
- API endpoints require authentication tokens
- Passwords are never transmitted in plaintext
6.2 At Rest
- Authentication tokens are stored securely on your device
- Database backups are maintained with access controls
- Encryption of sensitive data at the database layer (where applicable)
6.3 Access Controls
- Authentication required for all user-facing operations
- Administrative access logged and audited
- Password requirements enforced (minimum 8 characters)
- Session timeout to prevent unauthorized access on shared devices
7. Your Rights and Choices
7.1 Access and Deletion
- You may request access to your personal data
- You may request deletion of your account and associated data
- Upon termination of employment, your account will be deactivated
- Data deletion will be processed within 30 days
7.2 Notification Preferences
- You can enable or disable push notifications in app settings
- You can revoke notification permissions via device settings
- Disabling notifications does not affect core app functionality
7.3 Account Management
- You can change your password at any time
- You can force logout from other devices in profile settings
- You can view your recent account activity in profile settings
7.4 Contact Us
To exercise your rights or ask questions:
Email: hcns.bmcgroup@gmail.com
Mailing Address: nv.hcns@bmcgroup.com.vn
Response time: We will respond to data requests within 30 days.
8. Changes to This Policy
We may update this Privacy Policy as our services evolve or legal requirements change. We will:
- Post the updated policy on this page
- Update the "Last Updated" date at the top
- If changes are material, notify you via email or app notification
Your continued use of the App after changes constitutes acceptance of the updated policy.
9. Compliance
This Privacy Policy complies with:
- Apple App Store Review Guidelines
- Google Play Store Policies
- General privacy best practices
Last reviewed: April 18, 2026
Version: 1.0