Legal
Data Processing Policy
This Data Processing Policy ("DPP") describes how WeOps™, a product of BeeGrowth Co., Ltd., processes Customer Data submitted to or connected through the WeOps™ platform at app.weops.vn.
This policy applies to business customers, tenants, and authorised users of the WeOps™ Service. It is separate from our Privacy Policy, which covers personal data collected from website visitors and inquiry leads. Where a customer agreement, service order, or DPA has been executed between a Customer and BeeGrowth Co., Ltd., that agreement controls to the extent it conflicts with this policy. This document is a baseline draft subject to review by legal counsel.
Roles and responsibilities
In the context of Customer Data processed through the WeOps™ platform:
- The Customer is typically the controller or primary responsible party for Customer Data. The Customer is responsible for ensuring that Customer Data submitted to or connected through the Service is accurate, lawfully obtained, and that the Customer is authorised to share it.
- BeeGrowth Co., Ltd. acts as a processor or service provider in relation to Customer Data, processing it only as needed to provide, maintain, secure, troubleshoot, support, or improve the Service, or as otherwise authorised by the Customer.
Specific role definitions, DPA terms, and sub-processor arrangements may be further defined in an applicable customer agreement or service order.
Customer data we may process
Depending on the features used and integrations connected, Customer Data submitted to or processed by the Service may include:
- Product and SKU data (names, codes, categories, variants, attributes)
- Inventory data (stock levels, locations, movement history, warehouse records)
- Sales and order summaries (volume, revenue, discounts, channel breakdowns)
- Channel and store performance data from connected platforms
- Planning inputs (buying plans, forecasts, allocation targets, open-to-buy data)
- Platform user activity within the WeOps™ application (actions, session metadata, logs)
- Connector metadata (integration configuration, sync logs, API tokens managed by the Customer)
- Files and reports uploaded by the Customer or its authorised Users
Customer Data does not typically include sensitive personal data about end consumers. Customers should avoid submitting consumer personal data unless covered by an applicable customer agreement and appropriate legal basis.
Data sources and integrations
WeOps™ may connect to or receive Customer Data from sources that may include:
- Point-of-sale (POS) systems
- Ecommerce platforms
- Marketplace seller accounts (such as Shopee Seller Center, TikTok Seller Center)
- Spreadsheets and files uploaded by the Customer
- Internal planning or workflow systems
- Other sources authorised by the Customer
Integration access is configured by or on behalf of the Customer. The Customer is responsible for ensuring it has the right to connect and share data from each source, and that the data connected is accurate and lawfully obtained.
How customer data is processed
WeOps™ accesses and processes Customer Data only as needed to:
- Deliver the core platform features, including SKU intelligence, sell-through analysis, and operating record generation
- Maintain and operate the platform infrastructure
- Detect and respond to security incidents or anomalies
- Troubleshoot issues and provide customer support
- Improve platform features and performance, using aggregated or de-identified data where feasible
- Comply with applicable legal obligations
- Fulfil any other processing purpose authorised by the Customer
We do not sell Customer Data to third parties or use it for advertising purposes.
Access to customer data
Access to Customer Data is limited to:
- Authorised personnel of BeeGrowth Co., Ltd. whose role requires access to operate, support, or secure the Service — access is limited by role and need
- Authorised Users designated by the Customer within the platform
- Third-party processors engaged under appropriate agreements to support specific infrastructure or service functions
Third-party processors and infrastructure
We use third-party service providers to operate the WeOps™ platform. These may include cloud hosting and infrastructure providers, database services, monitoring and observability tools, and support tooling. Third-party processors are engaged under appropriate terms and are permitted to process Customer Data only as needed for their specific role.
A list of key sub-processors may be provided to Customers upon reasonable written request.
Security measures
We implement reasonable technical and organisational measures designed to protect Customer Data against unauthorised access, disclosure, alteration, or destruction. Measures are proportionate to the nature and sensitivity of the data and are reviewed as the platform evolves.
No method of internet transmission or cloud storage is completely secure. We do not represent certification to specific security frameworks (such as SOC 2 or ISO 27001) unless confirmed in writing. We will notify Customers of material security incidents affecting their data in accordance with our incident notification commitments and applicable law.
Data retention and deletion
Customer Data is retained for as long as the Customer's account or service relationship is active, and for a reasonable period thereafter to allow for account recovery, legal obligations, or dispute resolution. Upon service termination, data handling is governed by the applicable customer agreement.
Customer deletion or export requests may be subject to technical feasibility, contractual terms, and applicable legal requirements. We will respond to requests within a reasonable time and provide confirmation upon completion.
Cross-border processing
Some of our infrastructure and third-party processors may operate on servers located outside Vietnam. Where Customer Data is processed internationally, we take reasonable steps to ensure that appropriate protections are in place, consistent with applicable Vietnamese law. Customers with specific data residency requirements should address these in their customer agreement.
Customer controls and requests
Customers may submit requests related to their Customer Data, including:
- Access to or export of Customer Data held in the platform
- Correction of inaccurate data
- Deletion of Customer Data, subject to technical, contractual, and legal constraints
- Information about how specific data categories are processed
- Sub-processor list or DPA terms
Submit requests to the contact below. We will acknowledge requests promptly and respond in accordance with applicable obligations and the customer agreement.
Incident notification
In the event of a security incident that materially affects Customer Data, we will notify affected Customers without undue delay, to the extent required by applicable law or the customer agreement. Notification will include a description of the incident, affected data, and the steps taken or planned in response.
Contact
For questions about this Data Processing Policy or to submit a data request, please
contact BeeGrowth Co., Ltd., operator of WeOps™:
Email: privacy@weops.vn
Website: weops.vn