Your Privacy is important to us at Indo-China Agriculture. Here is everything you need to know...
Your Privacy is Very important to us
Protecting your privacy is very important to us.
Indo-China Agriculture Processing Ltd is a subsidiary of Pacific Asia Holdings LLC.
Our offices are at:
C-02 Oak Avenue, Borey Sunway St.
37, Bouengkak2, Toul Kork, Phnom Penh
Our telephone number is:
+855 77 7478
Our email address is:
Our Website is:
It also sets out your rights in relation to the personal information THE COMPANY collects and/or holds about you.
For the purposes of this policy, “personal information” means any information about an identified or identifiable person. This includes where you can be identified, directly or indirectly, including by reference to an identifier (for example, a name or email address, or an online identifier such as a unique device identification number). THE COMPANY use the words “process” and “processing” to describe the various things we may do with your personal information – including using, disclosing, holding, recording, storing, transferring, or otherwise handling that information.
When visitors leave comments on THE WEBSITE , THE COMPANY collects the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to THE WEBSITE, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to THE WEBSITE can download and extract any location data from images on THE WEBSITE.
THE COMPANY has provided contact forms on THE WEBSITE for the purposes of allowing your to contact THE COMPANY. All data that you enter into the contact forms are made visible to THE COMPANY. For your privacy and protection, THE COMPANY strongly recommends that you take precautions to ensure that only intended data is provided. DO NOT ENTER PRIVATE DATA AND/OR CREDIT CARD OR OTHER SENSITIVE INFORMATION INTO THE CONTACT FORMS ON THE WEBSITE.
You agree, by the use of any contact form on THE WEBSITE of THE COMPANY, that you maintain liability for any sensitive information conveyed to THE COMPANY. THE COMPANY will take all reasonable endeavours to protect your communications as it would treat any other email communications and will protect your privacy in compliance with the laws of the Kingdom of Cambodia. You warrant that all data submitted to THE COMPANY via the contact forms on THE WEBSITE is lawful and compliant with the laws of the Kingdom of Cambodia, and take full responsibility, indemnifying THE COMPANY and employees and contractors of THE COMPANY from any responsibility pertaining to the data you submit by the same said contact forms on THE WEBSITE.
If you leave a comment on THE COMPANY WEBSITE, you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year and will be automatically expired 1 year from the last visit to THE WEBSITE, and will be stored in your Internet browser on your device. You are able to delete these cookies from your web browser at any time and independently from THE COMPANY.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data, is a session only cookie and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
EMBEDDED CONTENT FROM OTHER WEBSITES
Articles on THE WEBSITE may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. THE COMPANY is independent from and not responsible for the behaviour or content or cookies from any external website.
THE WEBSITE does not use 3rd party advertising for revenue or traffic generation. Therefore we do not embed additional third-party cookies or take any steps to track you across external websites that do not belong to THE COMPANY or THE PARENT COMPANY.
THE COMPANY and PARENT COMPANY may use external analytics company/s for the purposes of understanding where our visitors come from and how they interact with THE WEBSITE. No sensitive or private information is shared with the 3rd party companies, although you acknowledge that you give consent by usage of THE WEBSITE, for THE COMPANY to allow analytics cookies to be created so that we may enhance THE WEBSITE and improve it from time to time or enable are more personalised experience for you the visitor.
Google Analytics is a free software tool created by Google that helps digital professionals monitor and analyze website traffic. THE COMPANY may use this service to anonymously identify your visit to THE WEBSITE and subsequent visits.
It collects data by placing a cookie on a user’s browser when they visit THE WEBSITE, thereby providing insights such as how many users visit THE WEBSITE, where they are from, and which pages they click on.
If you wish to opt out from receiving these cookies from Google then we recommend that you follow the instructions at this link so Google will opt you out.
THE COMPANY only shares your data and makes use of same said cookies (discussed above), for the purposes of conducting business with you with information that you supply via the contact forms on THE WEBSITE, and tracking cookies for analytics purposes and enhancing your experience with THE WEBSITE.
We do not share your data that you provide to THE COMPANY via THE WEBSITE for any purpose that is unlawful or not compliant with the law, or required by law or without your explicit or tacit consent. Sending information via a contact form on THE WEBSITE and browsing THE WEBSITE are deemed to be tacit consent to the same and where allowed by law are deemed explicit consent in the alternative.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators of THE WEBSITE can also see and edit that information as can the Editor of THE WEBSITE and THE COMPANY who may do so unilaterally without notice or further express consent.
The cookies we use are stored on your computer for up to 1 year from your last visit or are expired and replaced if you return visit within that timeframe – See Cookies above for further information and disclosure
You have rights relating to your personal information held by THE COMPANY. Let us know if you want to correct or update your personal information or if you have concerns about how we are handling your personal information by contacting us via the contact form on THE WEBSITE.
You have certain rights in relation to your personal information that we hold about you, though the details of these may vary depending on the country where you are based and how those rights and legal obligations interact with the laws of the Kingdom of Cambodia. We respond to all requests we receive from individuals wishing to exercise their rights in relation to any information we hold in accordance with applicable data protection laws.
If you wish to access, correct or update any personal information that THE COMPANY may hold about you, please send a request to ‘Privacy Enquiries’ on the Contact us form available on THE WEBSITE.
If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us.
Your contact information is only collected by THE COMPANY via THE WEBSITE when you send it to us using the contact form. This information is limited to your name and email address and any message that you send to us.
We do not collect any other personal data via THE WEBSITE.
“Other Information” is any information that does not reveal your specific identity or does not directly relate to an identifiable individual. Other Information we may collect includes:
- Demographic information and other information provided by you that does not reveal your specific identity;
- Aggregated information including analytics data and cookie data which are specifically dealt with above;
Collection of Other Information
From you: Information such as your address and/or state and/or country of residence and your preferred means of communication is collected when you voluntarily provide this information.
While you visit our site, we’ll track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 5 years for tax and accounting compliance purposes. This includes your name, email address and billing and shipping addresses and any data that may appear on an order or invoice.
We will also store comments or reviews, if you choose to leave them.
The purposes for which we process your personal information will depend on the type of personal information collected and the context in which it was collected. However, the primary purposes for which we process personal information from our website include:
- managing our relationship with you – this includes providing you with information or services, improving our products and services and communicating directly with you;
- business-related purposes – this includes negotiating, managing, and fulfilling our contracts with customers, suppliers and third parties (including e-commerce transactions); managing business relationships; managing accounts and records; supporting corporate social responsibility activities; resource planning and workforce management; activities and operations; internal investigations; and debt administration; all on a needs basis.
- marketing and public relation purposes – this includes analysing the characteristics of visitors to our website; to prepare analytics and profiling for business intelligence purposes; to personalise your experience on our website; managing our newsletters and communications and, where THE COMPANY collects details in the membership database relevant to THE COMPANY’s e-Business website, for demographic analysis and personalisation of the website.
- recruitment-related purposes – this includes considering you for employment opportunities with THE COMPANY and inviting you to participate in recruitment activities and events;
- website administration and internal operations – this includes troubleshooting, data analysis, testing, research, statistical and survey purposes;
- legal obligations – this includes meeting obligations imposed under law; responding to lawful requests from governments and public authorities; and responding to potential or actual litigation.
We have no external parties that we share or exchange data, where any of your sensitive personal data could be shared, collected, or exposed. We do not collect your sensitive personal data and only use your name and email address to provide return communications back to you when you provide those details to us for that purpose.
We and our service providers may use Personal Information:
- To respond to your inquiries, fulfill your requests, fulfill your orders of our products;
- To send administrative information to you, such as changes to our terms, conditions, and policies, as well as marketing communications that we believe may be of interest;
- To personalize your experience with the Services by presenting products and offers tailored to you and to facilitate social sharing functionality;
- To allow you to participate in contests, surveys, and similar promotions and to administer these activities (These may require further disclosure for the purposes of those specific activities and events and further specific privacy disclosures will be provided accordingly;
- For our business purposes, such as data analysis, audits, fraud monitoring and prevention, developing new products, improving or modifying our Services, identifying usage trends, determining the effectiveness of promotional campaigns, and operating and expanding business activities, and similar purposes.
1. Lawfulness, Fairness and Transparency
According to the GDPR “Personal data shall be:
“processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness, transparency’)”
Article 5.1(a) GDPR
You need to ensure you satisfy all three elements of this principle; lawfulness, fairness and transparency.
What is meant by lawfulness in relation to the GDPR?
In order to satisfy the lawfulness aspect of this principle you must identify grounds for the processing of any personal data. There are 6 lawful basis’s for processing personal data and at least one of these must be applicable when processing personal data. They are:
- Consent: you have been given consent by the individual to process their personal data.
- Contract: there is a contract in place with the individual and processing their personal data is necessary to fulfil this contract, or you have been instructed by the individual to process their data prior to entering into the contract.
- Legal obligation: you must process the information in order to comply with the law.
- Vital interests: you must process the personal data in order to protect an individuals life.
- Public task: processing the personal data of an individual is a necessary component in performing a task in the public interest or for official functions of your company. This task must have a clear legal basis.
- Legitimate interests: the processing of personal data is required in the legitimate interests of yours or a third parties, unless there is a reason to protect the individual, which overrides these interests.
Fairness in relation to the GDPR means that you should only be processing and handling personal data in ways that the individual would expect. There should be no negative effects on the individual through your processing their personal data.
Another aspect of fairness is the way in which the information has been obtained from the individual. You must ensure that the individual is aware of why and how their personal data is being collected. If you have obtained the personal data through unjust means then this is unlikely to comply with the fairness aspect of this principle.
What is meant by transparency in GDPR?
To comply with the lawfulness, fairness and transparency principle you must:
- identify a lawful reason for processing
- identify a condition for processing either special category or criminal offence data
- only use the personal data for lawful purposes
- consider how the processing of personal data will impact the people who’s data it is and be able to justify it if there is any negative impact on them
- process personal data in expected ways or be able to explain why you are processing it for other reasons
- are not deceptive or misleading in your collection of personal data
- open and honest about the collection and use of personal data
2. Purpose Limitation
According to the second key principle of the GDPR “Personal data shall be:
“collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);”
Article 5.1(b) GDPR
What this essentially means is that you must be clear about why you collect your users personal data and how you use it and if you use the personal data for another reason than originally specified, that it”s use is fair, lawful and transparent.
To ensure you are complying with the purpose limitation principle you will need to:
- identify the purpose for processing
- document the purpose
- ensure that any personal data you plan to use for a new purpose is either compatible with the original purpose or make sure you get consent for the new purpose.
3. Data Minimisation
The third key principle of the GDPR is data minimisation. According to this principle, “personal data shall be”:
“adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);”
This means that you must collect the least amount of personal data to fulfill the purpose it is intended for. Holding more data than is required is unlawful and a breach of the data minimisation principle.
To make sure you are complying with the data minimisation principle you will need to:
- collect personal data only when it is needed for a specific purpose
- have only enough personal data to fulfil the purpose
- review the data from time to time and delete any unnecessary data
The fourth key principle of the GDPR is accuracy. The accuracy principle states that “personal data shall be”:
“accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);”
Article 5.1.(d) GDPR
The accuracy principle requires that you ensure the accuracy of any personal data you collect (within reason) and that this data remains valid and fit for purpose.
In order to comply with the accuracy principle you will need to:
- ensure the accuracy of any personal data collected
- update the data as required
- keep records of any mistakes
- comply with the right to rectification
5. Storage Limitation
The storage limitation principle is the fifth key principle of the GDPR. According to the storage limitation principle “personal data shall be”:
“kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);”
Article 5.1.(e) GDPR
The fifth key principle means that you cannot hold data for longer than is required and you must be able to justify the reason for storing the data.
Personal data may be held for longer periods of time if you are keeping it for one of these reasons:
- public interest archiving
- scientific or historical research
- statistical purposes.
In order to comply with the storage limitation principle you will need to ensure that you:
- know what personal data you hold
- know why you hold this data
- be able to justify the length of time you retain personal data
- erase or make anonymous any personal data that is no longer required
- have a process in place for requests to have personal data erased
6. Integrity and Confidentiality (security)
The sixth key principle in the GDPR is the Integrity and Confidentiality Principle, also known as the Security Principle. According to this principle, “personal data shall be”:
“processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).”
Article 5.1.(f) GDPR
To ensure you are complying with the Integrity and Confidentiality Principle you need to:
- determine the level of security that is required. This will depend on the type and amount of personal information being processed
- you have a security policy and ensure that you follow it
- have basic technical controls in place to reduce cyber attacks
- use encryption when appropriate
- understand the confidentiality, integrity and availability of the personal data you collect and process
- ensure there is an appropriate back up process in place in the event that personal data is lost
- conduct regular reviews of the security measures in place to ensure their efficacy and make adjustments to your procedures as required
The accountability principle is the seventh key principle in the GDPR. According to Article 5.2 of the GDPR:
“The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).”
Article 5.2 GDPR
There are two key points in the accountability principle and these are that you must be responsible and comply with the GDPR and you are required to demonstrate how you comply.
To demonstrate your compliance you will need to:
- keep evidence of how you comply with the GDPR
- have a data protection policy in place if applicable
- use a data protection by design approach- implementing the best data protection methods throughout your processing operations
- implement the appropriate security measures
- record and report any personal data breaches if they occur
- appoint a data protection officer if required