AngkorShop Privacy Policy

1.     Overview

AngkorLife Shopping (hereinafter referred to as "we", "us" or "our") has established this policy to provide a safe and transparent shopping experience with the protection of your personal information as our top priority. This policy clearly informs you about what information we collect, for what purposes and legal bases we process, with whom we share it, how much we keep it, and what rights you can exercise.

 

2.     Scope

This policy applies to all personal information processed when using the AngkorLife mobile app/customer service/website and related online services (collectively, the "Platform"). However, third-party links (e.g., brand official websites) or external services operated by third-party payment companies/logistics companies are subject to the policies of each third party.

 

3.     Definitions

A.      Personal information: Any information that identifies or can be used to identify an individual (e.g., name, contact information, account, payment, order, shipping, device information, etc.)

B.      Processing: All acts related to personal information, such as collection, storage, use, provision (transfer), analysis, and deletion

C.      Data Controller: The person who determines the purpose and means of processing (AngkorLife)

D.     Data Processor: A person who processes personal information according to the instructions of the controller (cloud, payment, logistics, customer center consignment, etc.)

 

4.     Categories & Sources

A.      Direct Provision (Registration/Order/Inquiry/Event)

                           i.          Contact/account information: name, mobile phone, email, password, year of birth (for adult verification purposes)

                          ii.          Profile/Preferences: Favorite brands, categories of interest

                         iii.          Order/Delivery Information: Product name/quantity, order ID, shipping address (street name/zip code/city/country), recipient, contact information, delivery request

                         iv.          Payment information: Payment method, card identifier (token/mask processing), payment approval/decline history, refund/cancellation history

                          v.          Customer support/communication: consultation records (email/chat/phone summary), surveys, reviews, Q\&A Post

B.      Automatic collection (when using the platform)

                           i.          Device/access information: IP, device/browser/OS version, app/web log (access time, function usage), cookie/SDK ID

                          ii.          Security/red flags: Abnormal login attempts, suspicious multiple accounts, payment error patterns

C.      Third-party sources (if required)

                           i.          Payment Provider/Logistics Company/Credit Rating Agency: Payment approval result, delivery status, transaction risk indicator (for the purpose of preventing fraudulent use)

 

5.     Purposes & Legal Bases)\

purpose

Details

Legal basis

Account Creation/Login/Management

Membership registration, authentication, password reset, profile and address management

Contract Fulfillment

Product Ordering and Payment Processing

Shopping cart/order acceptance, payment approval/cancellation/refund, receipt issuance

Contract performance, legal obligations (taxation)

Fulfillment of Shipping/Return/Exchange

Logistics company linkage, delivery status notification, return label, exchange processing

Contract Fulfillment

Support

Inquiries and complaint handling, failure response, quality improvement (call quality evaluation)

Legitimate interests, consent (at the time of transcription)

Service Operation/Improvement

Fault and error log analysis, usability testing, and functional improvement

Legitimate Interests

Security/Fraud Prevention

Access control, fraudulent transaction/abuse detection and blocking, risk scoring (automated decision-making)

Legitimate Interests

Marketing/Promotion

Newsletters, app pushes, SMS, personalized recommendations/segmentation (including profiling)

Consent or legitimate interest (as required by law)

Legal/Regulatory Compliance

Accounting, taxation, dispute response, response to government agency requests

Legal obligations

M\&A/Reorganization

Transfer of information within a reasonable range in the event of a business transfer or merger

Legitimate Interests

 

6.     Cookies & Tracking)\

A.      Intended use

                           i.          Essential cookies: core functions of the service, such as login/shopping cart/payment

                          ii.          Functional cookies: Remember language/region/view options

                         iii.          Performance/Analytics: Measure traffic, clicks, and conversions, and diagnose errors

                         iv.          Marketing/retargeting: Personalized advertising, measuring campaign efficiency (within consent or legitimate interests)

B.      How to care

You can refuse/delete cookies with your browser settings, and the app controls them with your OS settings (allow notifications/tracking). If you refuse cookies, some features may be limited.

C.      Example (Guide)

type

Example Data

safekeeping

essential

Session ID, Cart Status

At the end of the session

function

Language/Region Settings

12 months

analysis

Page views, event logs

13 months

marketing

Ad ID, Campaign Tag

180 days

 

7.     Data Sharing & Transfers

A.      Processor

                           i.          Cloud/IaaS: Infrastructure, backup, and database operations

                          ii.          Payment Agent (PSP)/Fraud Prevention: Payment Approval and Settlement, Risk Assessment

                         iii.          Logistics/courier: Minimum information required for delivery, such as recipient's name, address, contact information, and order ID

                         iv.          Customer Center/BPO: Consultation record management, quality improvement

                          v.          Marketing/Analytics: Email/SMS sending, A/B testing, analytics tools

All trustees are subject to contractual technical/administrative safeguards, limitation of purpose, and confidentiality obligations.

B.      Third Party (Controller or Independent Processor)

                           i.          Seller (marketplace entrant): Provision of customer information within the scope of order fulfillment purposes (self-marketing prohibited)

                          ii.          Audit, legal, and tax advisory agencies

                         iii.          Judicial/administrative authorities: When required by law

C.      International Transfers

Data may be transferred to foreign servers/partners, in which case  appropriate safeguards such as contractual safeguards, encryption, and access controls are applied.

 

8.     Retention

Data Categories

Storage Standards

period

Account/Profile

Withdrawal or 3 consecutive years of inactivity

 Delete/anonymize after up to 3 years

Order/Payment History

Tax and accounting obligations

Up to 10 years (subject to local laws)

Customer Service Tickets

After closing your inquiry

24 months

Log/Security Events

Operational/Security Purposes

180 days

Marketing Consent/Receipt Records

Until the time of withdrawal

Up to 3 years (or stop immediately after withdrawal)

Cookie/Advertising ID

Variation by type

See table §6 above.

If there is a purpose for the establishment, exercise, or defense of a legal dispute or claim, it may be kept for a longer period of time within that scope (processing restrictions apply).

 

9.     Security

A.      Transmit and Storage Encryption (TLS, Encryption at Rest/Tokenization)

B.      Access control (privilege minimization, MFA, log monitoring)

C.      Vulnerability management (regular maintenance/patching, penetration testing)

D.     Backup/Disaster Recovery (DR Planning, Integrity Verification)

E.      Development security (code review, confidential information management)

F.      Incident response procedures (detection→ isolation→ mitigation→ notification)

G.      Internal Training/Audit (Regular Security and Personal Information Training)

 

No system can guarantee 100% safety, so in case of suspected infringement, we will carry out impact assessment and mitigation measures without delay, and notify within the scope required by law.

 

10.  Your Rights

A.      Viewing/Copying: Retained personal information and processing details

B.      Correction/Deletion: Correcting or deleting inaccurate or unnecessary data

C.      Restrict/object to processing: Refuse processing for specific purposes (e.g., marketing)

D.     Consent withdrawal: Withdrawal of consent based processing such as marketing/cookies/transcription

E.      Data portability: Provision of structured and machine-read formats for self-provided data (to the extent possible)

F.      How to Exercise

                           i.          Account Settings: Notifications/Marketing/Tracking Preferences

                          ii.          Inquiry: privacy@digitalangkor.com

                         iii.          Identity verification: Identity and account verification procedures may be required to exercise your rights.

G.      Processing deadline: Respond within a reasonable timeframe (typically 30 days), which can be extended depending on the complexity.

 

11.  Special Topics

A.      Children (minors): The platform is aimed at adult customers and complies with legal restrictions on payment and contracts for minors. If the consent of a legal representative is required, it may be requested.

B.      Public Content: Reviews· Q\A·Posts may be made public, and you  can delete them yourself or request us to remove them. The scope and responsibilities of disclosure are subject to the Terms of Use.

C.      Marketing Communications

                           i.          Email/app push/SMS reception can be changed at any time in the settings

                          ii.          If you refuse direct marketing, immediately stop sending to that channel

                         iii.          Campaign personalization (referrals/segmentation) is done within consent or legitimate interests

 

12.  Controller Identity

A.      Company Name(Corporate Name): DIGITAL ANGKOR Co., Ltd.

B.      Registered Address: 3F, 630A, NR No.2, Toul Roka, Chak Angre Kroam, Meanchey, Phnom Penh, Cambodia.

C.      Personal Information Protection Officer: Jason Oh / privacy@digitalangkor.com

 

13.  List of Third Parties (Summary)

Category-specific lists that can be published if needed

A.      Payment Agent/Risk Management:

B.      Logistics/Shipping:

C.      Cloud/IaaS:

 

14.   Changes

A.      If we revise this policy, we will notify you in advance of any material changes (substantial changes in the purpose, category, and scope of sharing) by platform notice or email.

B.      Update the version/effective date at the top of the document.

 

15.  Contacts & Complaints

A.      General Inquiries: privacy@digitalangkor.com

B.      Report a security incident: security@digitalangkor.com

C.      Supervisory Authority: Complaints can be filed with the local supervisory authority when designated (to be updated when Cambodia-specific regulations are introduced)

 

Appendix A: Minimum Provision Principle (Data Minimization)

We collect and provide only the minimum information necessary to achieve our purpose. Example: Only the recipient's name/address/contact information/order ID will be sent to the carrier.

 

Appendix B: Retention, Deletion, and Anonymization Process

Items that are legally obliged to be kept at the time of deletion of a request will  be safely deleted after the legal period has elapsed after the processing is restricted. Long-term data for analysis purposes will  be used after de-identification and anonymization.

 

Effective date : Jan. OO. 2026.

 

-      the end