Indo-China Agriculture Privacy Policy

THE COMPANY only shares your data and makes use of same said cookies (discussed above), for the purposes of conducting business with you with information that you supply via the contact forms on THE WEBSITE, and tracking cookies for analytics purposes and enhancing your experience with THE WEBSITE.

Unless in relation to conducting business with you in specific activities that involve 3rd parties, we do not collect or share private information and ask that ensure an understanding of this privacy policy in full before using our contact forms.

We do not share your data that you provide to THE COMPANY via THE WEBSITE for any purpose that is unlawful or not compliant with the law, or required by law or without your explicit or tacit consent.  Sending information via a contact form on THE WEBSITE and browsing THE WEBSITE are deemed to be tacit consent to the same and where allowed by law are deemed explicit consent in the alternative.

If you leave a comment, the comment and its metadata are retained indefinitely.  This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile.  All users can see, edit, or delete their personal information at any time (except they cannot change their username).  Website administrators of THE WEBSITE can also see and edit that information as can the Editor of THE WEBSITE and THE COMPANY who may do so unilaterally without notice or further express consent.

Any information that you send to THE COMPANY via the contact forms on THE WEBSITE are treated and transported as email and will be treated as such in accordance with the email retention needs of THE COMPANY and/or as specified in this Privacy Policy.

The cookies we use are stored on your computer for up to 1 year from your last visit or are expired and replaced if you return visit within that timeframe – See Cookies above for further information and disclosure

You have rights relating to your personal information held by THE COMPANY.  Let us know if you want to correct or update your personal information or if you have concerns about how we are handling your personal information by contacting us via the contact form on THE WEBSITE.

Your rights

You have certain rights in relation to your personal information that we hold about you, though the details of these may vary depending on the country where you are based and how those rights and legal obligations interact with the laws of the Kingdom of Cambodia.   We respond to all requests we receive from individuals wishing to exercise their rights in relation to any information we hold in accordance with applicable data protection laws.

If you wish to access, correct or update any personal information that THE COMPANY may hold about you, please send a request to ‘Privacy Enquiries’ on the Contact us form available on THE WEBSITE.

Your contact information is only collected by THE COMPANY via THE WEBSITE when you send it to us using the contact form.  This information is limited to your name and email address and any message that you send to us.

We do not collect any other personal data via THE WEBSITE.

“Other Information” is any information that does not reveal your specific identity or does not directly relate to an identifiable individual.  Other Information we may collect includes:

• Demographic information and other information provided by you that does not reveal your specific identity;
• Aggregated information including analytics data and cookie data which are specifically dealt with above;

Please note that we may use and disclose Other Information for any purpose as specified in this Privacy Policy.

Collection of Other Information

From you: Information such as your address and/or state and/or country of residence and your preferred means of communication is collected when you voluntarily provide this information.

By aggregating information: We may aggregate Personal Information and use the aggregated information to analyze the effectiveness of our Service, to improve and add features to our Service, and for other similar purposes.  In addition, from time to time, we may analyze the general behavior and characteristics of users of our Service and share aggregated information like general user statistics with prospective service providers.  We may collect aggregated information through the Service, through cookies, and through other means described in this Privacy Policy.

While you visit our site, we’ll track:

• Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
• Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
• Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!

We’ll also use cookies to keep track of cart contents while you’re browsing our site.

When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:

• Send you information about your account and order
• Respond to your requests, including refunds and complaints
• Process payments and prevent fraud
• Set up your account for our store
• Comply with any legal obligations we have, such as calculating taxes
• Improve our store offerings
• Send you marketing messages, if you choose to receive them

If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders and they will be subject to this privacy policy.

We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it.  For example, we will store order information for 5 years for tax and accounting compliance purposes.  This includes your name, email address and billing and shipping addresses and any data that may appear on an order or invoice.

We will also store comments or reviews, if you choose to leave them.

The purposes for which we process your personal information will depend on the type of personal information collected and the context in which it was collected. However, the primary purposes for which we process personal information from our website include:

• managing our relationship with you – this includes providing you with information or services, improving our products and services and communicating directly with you;
• business-related purposes – this includes negotiating, managing, and fulfilling our contracts with customers, suppliers and third parties (including e-commerce transactions); managing business relationships; managing accounts and records; supporting corporate social responsibility activities; resource planning and workforce management; activities and operations; internal investigations; and debt administration; all on a needs basis.
• marketing and public relation purposes – this includes analysing the characteristics of visitors to our website; to prepare analytics and profiling for business intelligence purposes; to personalise your experience on our website; managing our newsletters and communications and, where THE COMPANY collects details in the membership database relevant to THE COMPANY’s e-Business website, for demographic analysis and personalisation of the website.
• recruitment-related purposes – this includes considering you for employment opportunities with THE COMPANY and inviting you to participate in recruitment activities and events;
• website administration and internal operations – this includes troubleshooting, data analysis, testing, research, statistical and survey purposes;
• legal obligations – this includes meeting obligations imposed under law; responding to lawful requests from governments and public authorities; and responding to potential or actual litigation.

We may also collect and process your personal information for any other purposes for which you have provided your consent or if there is another lawful basis for doing so, and otherwise within the guidelines of this Privacy Policy.

We have no external parties that we share or exchange data, where any of your sensitive personal data could be shared, collected, or exposed. We do not collect your sensitive personal data and only use your name and email address to provide return communications back to you when you provide those details to us for that purpose.

We and our service providers may use Personal Information:

• To respond to your inquiries, fulfill your requests, fulfill your orders of our products;
• To send administrative information to you, such as changes to our terms, conditions, and policies, as well as marketing communications that we believe may be of interest;
• To personalize your experience with the Services by presenting products and offers tailored to you and to facilitate social sharing functionality;
• To allow you to participate in contests, surveys, and similar promotions and to administer these activities (These may require further disclosure for the purposes of those specific activities and events and further specific privacy disclosures will be provided accordingly;
• For our business purposes, such as data analysis, audits, fraud monitoring and prevention, developing new products, improving or modifying our Services, identifying usage trends, determining the effectiveness of promotional campaigns, and operating and expanding business activities, and similar purposes.

1. Lawfulness, Fairness and Transparency

According to the GDPR “Personal data shall be:

“processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness, transparency’)”

Article 5.1(a) GDPR

You need to ensure you satisfy all three elements of this principle; lawfulness, fairness and transparency.

Lawfulness

What is meant by lawfulness in relation to the GDPR?

In order to satisfy the lawfulness aspect of this principle you must identify grounds for the processing of any personal data. There are 6 lawful basis’s for processing personal data and at least one of these must be applicable when processing personal data. They are:

1. Consent: you have been given consent by the individual to process their personal data.
2. Contract: there is a contract in place with the individual and processing their personal data is necessary to fulfil this contract, or you have been instructed by the individual to process their data prior to entering into the contract.
3. Legal obligation: you must process the information in order to comply with the law.
4. Vital interests: you must process the personal data in order to protect an individuals life.
5. Public task: processing the personal data of an individual is a necessary component in performing a task in the public interest or for official functions of your company. This task must have a clear legal basis.
6. Legitimate interests: the processing of personal data is required in the legitimate interests of yours or a third parties, unless there is a reason to protect the individual, which overrides these interests.

Fairness

Fairness in relation to the GDPR means that you should only be processing and handling personal data in ways that the individual would expect. There should be no negative effects on the individual through your processing their personal data.

Another aspect of fairness is the way in which the information has been obtained from the individual. You must ensure that the individual is aware of why and how their personal data is being collected. If you have obtained the personal data through unjust means then this is unlikely to comply with the fairness aspect of this principle.

Transparency

What is meant by transparency in GDPR?

Being transparent means that you are being open, honest and clear about how you collect, use and manage individuals personal data. You must ensure you make this information easily accessible for your users as well as being written in clear and easily understood language. This information is part of your Privacy Policy which needs to be placed in an obvious place on your website in order for your users to see and read it.

To comply with the lawfulness, fairness and transparency principle you must:

1. identify a lawful reason for processing
2. identify a condition for processing either special category or criminal offence data
3. only use the personal data for lawful purposes
4. consider how the processing of personal data will impact the people who’s data it is and be able to justify it if there is any negative impact on them
5. process personal data in expected ways or be able to explain why you are processing it for other reasons
6. are not deceptive or misleading in your collection of personal data
7. open and honest about the collection and use of personal data

2. Purpose Limitation

According to the second key principle of the GDPR “Personal data shall be:

“collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);”

Article 5.1(b) GDPR

What this essentially means is that you must be clear about why you collect your users personal data and how you use it and if you use the personal data for another reason than originally specified, that it”s use is fair, lawful and transparent.

To ensure you are complying with the purpose limitation principle you will need to:

1. identify the purpose for processing
2. document the purpose
3. include details of reason for collecting personal data in your privacy policy
4. ensure that any personal data you plan to use for a new purpose is either compatible with the original purpose or make sure you get consent for the new purpose.

3. Data Minimisation

The third key principle of the GDPR is data minimisation. According to this principle, “personal data shall be”:

“adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);”

Article 5.1(c)

This means that you must collect the least amount of personal data to fulfill the purpose it is intended for. Holding more data than is required is unlawful and a breach of the data minimisation principle.

To make sure you are complying with the data minimisation principle you will need to:

1. collect personal data only when it is needed for a specific purpose
2. have only enough personal data to fulfil the purpose
3. review the data from time to time and delete any unnecessary data

4. Accuracy

The fourth key principle of the GDPR is accuracy. The accuracy principle states that “personal data shall be”:

“accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);”

Article 5.1.(d) GDPR

The accuracy principle requires that you ensure the accuracy of any personal data you collect (within reason) and that this data remains valid and fit for purpose.

In order to comply with the accuracy principle you will need to:

1. ensure the accuracy of any personal data collected
2. update the data as required
3. keep records of any mistakes
4. comply with the right to rectification

5. Storage Limitation

The storage limitation principle is the fifth key principle of the GDPR. According to the storage limitation principle “personal data shall be”:

“kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);”

Article 5.1.(e) GDPR

The fifth key principle means that you cannot hold data for longer than is required and you must be able to justify the reason for storing the data.

Personal data may be held for longer periods of time if you are keeping it for one of these reasons:

• public interest archiving
• scientific or historical research
• statistical purposes.

In order to comply with the storage limitation principle you will need to ensure that you:

1. know what personal data you hold
2. know why you hold this data
3. be able to justify the length of time you retain personal data
4. erase or make anonymous any personal data that is no longer required
5. have a process in place for requests to have personal data erased

6. Integrity and Confidentiality (security)

The sixth key principle in the GDPR is the Integrity and Confidentiality Principle, also known as the Security Principle. According to this principle, “personal data shall be”:

“processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).”

Article 5.1.(f) GDPR

To ensure you are complying with the Integrity and Confidentiality Principle you need to:

1. determine the level of security that is required. This will depend on the type and amount of personal information being processed
2. you have a security policy and ensure that you follow it
3. have basic technical controls in place to reduce cyber attacks
4. use encryption when appropriate
5. understand the confidentiality, integrity and availability of the personal data you collect and process
6. ensure there is an appropriate back up process in place in the event that personal data is lost
7. conduct regular reviews of the security measures in place to ensure their efficacy and make adjustments to your procedures as required

7. Accountability

The accountability principle is the seventh key principle in the GDPR. According to Article 5.2 of the GDPR:

“The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).”

Article 5.2 GDPR

There are two key points in the accountability principle and these are that you must be responsible and comply with the GDPR and you are required to demonstrate how you comply.

To demonstrate your compliance you will need to:

1. keep evidence of how you comply with the GDPR
2. ensure your Privacy Policy is GDPR compliant
3. have a data protection policy in place if applicable
4. use a data protection by design approach- implementing the best data protection methods throughout your processing operations
5. implement the appropriate security measures
6. record and report any personal data breaches if they occur
7. appoint a data protection officer if required