Notice — English translation: This page is an unofficial English translation provided for convenience. The original Vietnamese version is the governing legal text. If any conflict arises between the English and Vietnamese versions, the Vietnamese version prevails.
At NexDrop Express, your privacy is our top priority. This policy explains transparently how we collect, use, and protect your personal information.
NexDrop Express is firmly committed to protecting customers' personal information and fully complies with applicable Vietnamese data-protection laws. This policy is built around Decree 13/2023/ND-CP on personal data protection and related regulations (the 2018 Cybersecurity Law, the Law on Consumer Protection, etc.). It clearly describes how Nekotic Co., Ltd. ("NexDrop" or "we") collects, uses, discloses, and stores the personal data of NexDrop Express users.
NexDrop Express only collects and processes data that is necessary to deliver our logistics service, while respecting customers' privacy. We apply appropriate technical and organizational measures to safeguard information — meeting cybersecurity standards and using data encryption when needed — to prevent unauthorized access, use, or disclosure. No method of internet transmission or electronic storage is ever 100% secure, so we cannot guarantee absolute safety in every case. We do our utmost to protect personal data and will promptly notify customers and the relevant authorities of any breach in line with applicable law.
This policy applies to every individual whose personal data NexDrop Express collects while providing the service. Specifically, we collect information from the following subjects:
Customers who use the NexDrop Express platform to send parcels or goods (including individuals or representatives of organizations sending parcels). This is usually the person who creates the shipment order.
Individuals designated to receive parcels or goods from senders via NexDrop. Recipients may not use the app directly, but their information is provided to NexDrop by the sender.
Anyone who visits the NexDrop Express website or app, or contacts us (for example, by sending a support request or complaint). This includes prospective customers who have not yet created an order.
The scope of collection is limited to personal information you provide directly when registering, creating a delivery order, filling out forms in the app or website, or contacting NexDrop — as well as information we collect indirectly while you use the service (for example, device location when GPS is enabled). All subjects and information we collect are handled fairly and transparently in line with this policy.
When you use the NexDrop Express delivery service, we may collect the following categories of personal data from senders and recipients (collectively, "you"):
Full names of senders and recipients; their contact phone numbers; email addresses (if you provide one or register with one). If the sender is a business, this may include the company name and representative contact details.
Detailed pickup and delivery addresses that you provide. These may be a home, workplace, or any specific location designated by the sender or recipient.
Your location data, determined by the device's location service when you grant permission, so drivers can route to and complete pickup or delivery efficiently. Note: under regulation, personal location data is classified as sensitive personal data, so NexDrop only collects location when truly necessary for the service and with your consent.
Parcel and shipment details (e.g. order ID, parcel description, declared value if any), your shipment history with NexDrop Express, send and receive timestamps, payment methods, and other related information generated while you use the service. This helps us manage and track the fulfilment of your delivery contract.
Content you provide when you contact support or raise a complaint — including emails, calls, and messages to NexDrop (delivery issues, compensation requests, service-quality feedback). We may store this content to handle your request and improve the service.
Including IP address, browser type, device type, OS version, cookies, and information about how you interact with our platform. This data helps NexDrop optimize the user experience and keep the system safe (e.g. blocking unauthorized access and detecting fraud).
All personal data we collect is stored securely on NexDrop systems. We commit never to sell or trade your personal data to third parties for commercial purposes. Any information sharing, if it occurs, is limited to the purposes described below and stays within the bounds of applicable law.
We do not collect sensitive personal data beyond the location data noted above unless you actively provide it or the law requires it. For example, NexDrop does not ask for ID/citizen-card numbers, health data, religion, or sensitive financial information for ordinary service use. If sensitive data is exceptionally required (for example, to satisfy legal verification), we will state the reason and proceed only with your separate consent, in line with Decree 13/2023/ND-CP.
For users under 16 (children): NexDrop strictly observes the rules protecting children's personal data. Collection and processing of personal data of users under 16 happen only with the consent of a parent or legal guardian; for users between 7 and under 16, the user's own consent is also required, per Article 20 of Decree 13/2023/ND-CP. We apply appropriate age-verification and consent measures before processing children's personal data. NexDrop continues to comply
the principle of protecting children's best interests in every related data-processing activity.
NexDrop Express collects and processes your personal data mainly to deliver an efficient and safe logistics service. Specifically, we use the data we collect for the following purposes:
We use sender, recipient, and order details to create and confirm orders in the system; schedule pickup and delivery; and manage the shipment. This is the core purpose for performing the service contract between you and NexDrop.
We use the sender's and/or recipient's phone number and email to send order-status notifications (e.g., pickup confirmed, in transit, delivered) and other important updates. Notifications can be sent by SMS/ZNS, the app, or email depending on your preference. This keeps you and the recipient informed about your personal-data processing during the service — specifically, the order's journey.
We share with NexDrop's delivery drivers or carrier partners the information needed to perform pickup and delivery (such as sender/recipient name and phone, pickup and delivery addresses, and order notes). We share only the minimum data needed for the shipment task, alongside strict data-security requirements on drivers and partners. NexDrop applies the necessary security measures and requires recipients of the data to safeguard your personal information and prevent leaks. This sharing is based on your consent to use the service and is consistent with Article 17(4) of Decree 13/2023/ND-CP (which allows processing to fulfil contractual obligations to which the customer is a party).
We analyze service-usage behaviour, shipment history, and customer feedback to optimize the delivery workflow and improve performance (e.g., route optimization based on location data), build new features, and upgrade the app experience. This includes using cookies and tracking technology on the website/app to remember your preferences, analyze traffic, and power personalization. You can manage cookie preferences in your browser; if you refuse cookies, some features may be affected.
We use information (including feedback and complaints you submit) to support and advise you while using the service; to resolve complaints and disputes; and to verify and handle failed deliveries, damages, losses, or other incidents. This ensures your rights as a customer are fully protected. For example, we check order information, contact the relevant parties to clarify, and propose a fair resolution or compensation path where applicable.
We use data (such as access logs and IP addresses) to detect and prevent unauthorized access, fraud, or impersonation on the NexDrop platform; and to prevent violations of law or our terms of use. For example, we may suspend an account or carry out additional verification if we detect anomalies, to protect and secure personal data and to keep the system safe.
We process data to meet statutory requirements and demands from competent state authorities. Specifically, NexDrop may store and reconcile transaction information for accounting and tax purposes; and provide customers' personal information to judicial or public-security authorities when lawfully required as part of an investigation into a violation. Beyond these cases, we do not disclose personal information to any other party without your consent, except where the law provides otherwise.
The processing purposes above cover activities you have been notified of and consented to. If NexDrop later needs to use your data for other purposes, we will notify you and ask for additional consent before processing (except where Article 17 of Decree 13 permits processing without consent).
NexDrop Express retains your personal data for as long as necessary to fulfil the purposes for which it was collected. In other words, we keep your information for as long as you remain a customer using NexDrop and have not withdrawn your consent, or until the original processing purpose is achieved.
For delivery-order data specifically, we plan to retain it at least until the order is successfully delivered and the complaint window has expired (per service policy or your agreement with us). After that, some basic information may be retained for a defined period (e.g., 6 months, 1 year, or as specialised law requires) to handle late disputes, deliver post-service support, and respond to inquiries from competent authorities.
Where permitted by law, NexDrop may need to keep your personal data longer than the periods above if required by a regulator or by a statutory retention obligation (e.g., retaining transaction data for 5 years for accounting purposes, retaining e-invoice data per tax law). Once the necessary retention period ends, we delete or anonymise your personal data securely, unless law requires longer retention.
If you stop using NexDrop (e.g., delete your account) and submit a valid request, we will delete or anonymise your personal data accordingly. Note, however, that some exceptions prevent us from deleting immediately: when the law requires retention (such as transaction data for an investigation), when data has been published per regulation, or in emergencies (national security, crime prevention, etc.) under Article 17 of Decree 13/2023/ND-CP. In such cases we will tell you why we cannot delete the data and will do so as soon as the legal barrier is removed.
In short, NexDrop strives to keep personal data no longer than necessary. We also maintain security safeguards for as long as the data is retained, no matter the length of that period.
NexDrop has physical and electronic procedures in place to protect and secure the data we collect.
Please remember:
NexDrop Express respects and safeguards your legal rights regarding personal data (especially under Decree 13/2023/ND-CP and the Law on Consumer Protection). As the data subject, you have the following rights:
You have the right to be informed about how your personal data is collected, who uses it, and for what purpose. This policy, along with the transparency notices on the app/website, exists to make sure you can exercise this right.
You decide whether to provide your personal data. Where processing requires consent (e.g., location data, marketing), you have the right to agree or refuse. Note that some processing — performing the service contract with NexDrop or complying with statutory requirements — does not need separate consent because it relies on another legal basis.
You have the right to access the personal data we hold about you, including viewing and obtaining a copy. If you find data that is inaccurate or out of date, you have the right to ask us to correct or update it to keep your data accurate, unless the law provides otherwise. For example, you can update your phone number or delivery address by contacting NexDrop through the support channels listed below.
For data we process based on your consent, you may withdraw consent at any time. If you previously agreed to share location or receive marketing, you can disable location in the app or unsubscribe. Note that withdrawing consent may affect service delivery — for example, without location sharing, drivers may have a harder time reaching you — so weigh this carefully. After withdrawal we will stop processing the related data promptly (within at most 72 hours) and confirm with you, except where the law requires otherwise.
You have the right to ask us to delete or anonymise your personal data when it is no longer necessary, when you withdraw consent, or when we have processed beyond the scope disclosed. On a valid request NexDrop will delete the data within the statutory window (typically 72 business hours from when the request is verified), except for legal exceptions noted in Section 5. We will also confirm completion after deletion.
In some cases you have the right to ask us to temporarily restrict processing of your personal data (for example, when you suspect the data is inaccurate or processing is unlawful but do not yet want to delete it). On request, NexDrop pauses processing (other than storage) of the relevant data for up to 72 hours, unless the law provides otherwise.
You have the right to object to or refuse NexDrop processing your personal data for advertising or marketing at any time. If you do not want to receive promotional notices or offers from us, you can request to stop; NexDrop will stop processing your data for advertising within 72 hours of receiving the request. Note: this right does not cover service or transactional notices necessary to your orders.
On request, you may ask us to provide a copy of the personal data you have given to NexDrop in a commonly used electronic format, so you can use it yourself or share it with another provider. We will help within technical and legal constraints.
If you believe your personal-data rights have been violated, you may complain directly to NexDrop. You may also report or take action with competent state authorities as the law allows — for example, by filing a complaint with the Authority of Information Security (MIC) or the Department of Cybersecurity and Hi-Tech Crime Prevention (MPS), or by bringing civil proceedings in court.
If NexDrop or a third party we have authorised to process your data violates personal-data-protection rules and causes you actual damage, you have the right to seek compensation under the law. We will cooperate and pay fair compensation if the fault is ours, unless the parties have agreed otherwise or the law provides otherwise.
To exercise these rights, use the corresponding feature in the app (where available) or contact NexDrop via the channels in Section 9 below. We will verify your identity to keep your data safe, then respond and act within the statutory timeframe (typically no more than 15 business days, often sooner). Exercising these rights is free, except where the law permits a reasonable administrative fee (we will notify you in advance if a request entails significant cost).
Note that your rights may be limited in cases the law specifies — for example, we may decline an access request if you do not provide enough identity-verification information, or decline a deletion request if deletion conflicts with NexDrop's legal obligations. In any case, NexDrop will clearly explain why we cannot fulfil part or all of your request.
Tech businesses often use third parties to
help them host their application,
communicate with customers, power their
emails etc. We partner with third parties
who we believe are the best in their field
at what they do.
When we do this, sometimes it is necessary
for us to share your data with them in order
to get these services to work well. Your
data is shared only when strictly necessary
and according to the safeguards and good
practices detailed in this Privacy Policy.
Where personal data is transferred to a
third party in the United States we take
steps to ensure we agree the standard
contractual clauses with them. We
continually monitor this transfer mechanism.
Any data transfers to the US are encrypted
and generally consist of insensitive
personal data.
Here are the details of our main third-party service providers, and what data they collect or we share with them, where they store the data and why they need it:
This is a web hosting
provider: we use it to store
data you generate by using
the service securely in the
cloud.
EU (Ireland)
Amazon Web Services, Inc.
Privacy Policy
This is a web hosting
provider: we use it to
store data you generate
by using the service
securely in the
cloud.
EEA (Ireland)
This enables users to
authenticate via Single
Sign-On.
US
WorkOS, Inc.
Privacy Policy
This enables users to
authenticate via Single
Sign-On.
US
We use this service for
customer communications,
user interaction and
helpdesk assistance.
US
We use this service for
customer communications.
US
We use this service for
customer communications,
user interaction and
helpdesk assistance.
US
We use this service for
sending, storing and
tracking emails.
US
Calendly LLC
Privacy Policy
We use this service to
set up calls and
meetings with
customers.
US
Intercom, Inc.
Privacy Policy
We use this service for
customer communications,
user interaction and
helpdesk assistance.
US
Livestorm
Privacy Policy
We use this service to
provide webinars to our
customers.
EEA (France)
Salesforce, Inc.
Privacy Policy
We use this service for
customer communications,
user interaction and
helpdesk assistance.
US
Twilio, Inc.
Privacy Policy
We use this service for
sending, storing and
tracking emails.
US
Webflow, Inc.
Privacy Policy
We use this service to
build our website and
our demo form.
US
Zapier, Inc.
Privacy Policy
We use this service to
automate tasks like
sending emails.
US
This service processes
payments for us.
EU & US
Stripe, Inc.
Privacy Policy
This service processes
payments for us.
EEA & US
We don’t use cookies on visitors. We use
Plausible
to carry out our website measurement
completely anonymously.
When you interact with Bearer as a user, we
(and these third parties) will issue cookies
unless you adjust your browser settings to
refuse them. These may be ‘session’ cookies,
meaning they delete themselves when you
leave Bearer, or ‘persistent’ cookies which
do not delete themselves and help us
recognise you when you return so we can
provide a tailored service.
You can block cookies by activating a
setting on your browser allowing you to
refuse the setting of cookies. You can also
delete cookies through your browser
settings. If you use your browser settings
to disable, reject, or block cookies
(including essential cookies), certain parts
of our website will not function fully. In
some cases, our website may not be
accessible at all. Please note that where
third parties use cookies we have no control
over how those third parties use those
cookies
_mkra_ctxt
intercom-id-[TOCOMPLETE]
Intercom uses cookies to
recognise particular people
who have interacted with
Intercom through Bearer
previously. This may be
visitors to our website,
Bearer users or
counterparties.
You
may refuse the transmission
of your Information by
opting out (contact them
directly for more
information), however,
please note that you will
delete the opt-out cookie
when you delete your cookies
in your browser settings.
Intercom, Inc.
Intercom uses cookies to
recognise particular
people who have
interacted with Intercom
through Bearer
previously. This may be
visitors to our website,
Bearer users or
counterparties.
You
may refuse the
transmission of your
Information by opting
out (contact them
directly for more
information), however,
please note that you
will delete the opt-out
cookie when you delete
your cookies in your
browser settings.
NexDrop Express maintains channels to receive and resolve complaints about the protection of customer personal information quickly and effectively. If you have any questions or complaints about personal data being misused or processed beyond the scope disclosed, please reach out via these channels:
On receipt of a complaint, NexDrop's personal-data-protection team will confirm receipt with you within 48 hours. We will then take the necessary technical and operational steps to verify the complaint, clarify the scope, and find the root cause. During handling, we may contact you to collect more information if needed for verification.
NexDrop commits to responding with the resolution outcome within a maximum of 15 business days from receipt. The outcome will be communicated by email or phone and will include: the conclusion about the matter, remedial steps where NexDrop is at fault (apology, process improvement, compensation where applicable), or guidance to contact the authorities if the issue is beyond our scope to resolve.
If you are unsatisfied with the outcome, or NexDrop fails to respond within the committed timeframe, you may escalate the matter to competent state authorities. Specifically, you can report to the Department of Personal Data Protection (Ministry of Public Security) or the Department of Competition and Consumer Protection (Ministry of Industry and Trade), or sue in a competent court. We aim to resolve every issue through good-faith negotiation, while always respecting your right to file with the authorities.
NexDrop values customer feedback and complaints. We continuously refine our internal policies and security practices based on your input to deliver a safer and more reliable service.
For any questions or requests related to this Privacy Policy and the processing of personal data, please contact us via:
We encourage you to reach out by email first for privacy and security matters. On receipt, NexDrop will acknowledge and respond as quickly as possible.
State-authority contacts: If needed, you can reach the Department of Cybersecurity and Hi-Tech Crime Prevention (Ministry of Public Security) — the focal agency for personal-data protection — or the Department of Competition and Consumer Protection (Ministry of Industry and Trade) for further guidance on your rights.
