Skip to main content
← Back to Home

Privacy Policy

GDPR-Compliant • Effective Date: 2026-01-29

We take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Cambodia e-Arrival Card concierge service.

1. Data Controller

Data Controller: Cambodia Arrival Services Ltd

Contact for Privacy Inquiries: privacy@cambodia-arrival.com

2. Personal Data We Collect

When you use our service, we collect the following personal data:

Contact Information

  • Full name
  • Email address
  • Phone number

Travel Document Information

  • Passport number
  • Passport country of issue
  • Passport expiry date
  • Date of birth
  • Nationality

Travel Details

  • Date of arrival in Cambodia
  • Flight number
  • Accommodation address in Cambodia
  • Countries visited in last 30 days

Health Information

  • COVID-19 symptoms declaration
  • Recent travel to high-risk countries
  • Contact with infected persons

Customs Declaration

  • Items brought into Cambodia
  • Currency declaration

Payment Information

  • Payment amount and currency
  • Payment timestamp
  • Stripe payment ID (we do NOT store credit card details)

3. Purpose and Legal Basis for Processing

Service Delivery

Legal Basis: Contract performance (GDPR Article 6(1)(b))

We process your data to complete the e-Arrival Card submission service you paid for.

Communication

Legal Basis: Legitimate interest (GDPR Article 6(1)(f))

We send you order status updates and may contact you for clarifications needed to complete your submission.

Legal Compliance

Legal Basis: Legal obligation (GDPR Article 6(1)(c))

We retain certain data to comply with tax and accounting regulations.

4. Data Retention

✅ Privacy-First Policy

Your personal data is deleted immediately after qr code is delivered to you. We do NOT keep your passport information, travel details, or health declarations after completing our service.

What happens to your data:

  • During processing: We store your data securely to submit your e-Arrival Card to the government portal.
  • After QR code delivery: Your personal data (passport info, travel details, health info) is permanently deleted from our systems.
  • What we keep: Only basic transaction records (order ID, email, payment amount) are retained for 2 years for tax and accounting compliance, as required by law.

This privacy-first approach ensures your sensitive travel data is not stored longer than necessary.

5. Data Sharing & Third Parties

We share your data with the following third parties:

Cambodian Government (arrival.gov.kh)

Purpose: To submit your e-Arrival Card on your behalf

Location: Cambodia

This is the core service we provide

Stripe, Inc.

Purpose: Payment processing

Location: United States

PCI-DSS compliant. We do NOT store your credit card details.

Resend (via Resend.com)

Purpose: Transactional email delivery (order confirmations, status updates)

Location: United States

Only receives your email address and order details

Vercel, Inc.

Purpose: Website hosting and infrastructure

Location: United States

Does not access your personal data directly

International Transfers: Some of our service providers are located in the United States. Data transfers are protected by Standard Contractual Clauses (SCCs) as approved by the European Commission.

6. Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access (Article 15)

You can request a copy of all personal data we hold about you.

Right to Rectification (Article 16)

You can request corrections to inaccurate or incomplete data.

Right to Erasure / 'Right to be Forgotten' (Article 17)

You can request deletion of your data if it's no longer necessary or if you withdraw consent.

Right to Data Portability (Article 20)

You can receive your data in a machine-readable format (CSV) and transfer it to another service.

Right to Object (Article 21)

You can object to processing based on legitimate interests.

Right to Restrict Processing (Article 18)

You can request temporary restriction of processing in certain situations.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

How to Exercise Your Rights

To exercise any of these rights, please:

Response Time: We will respond within 30 days as required by GDPR Article 12.

7. Cookies & Tracking

We use the following cookies:

Essential Cookies

Required

Session management, security, form state persistence

Analytics Cookies (Optional)

Optional

Vercel Analytics - privacy-friendly website usage statistics

You can manage your cookie preferences via the cookie banner that appears on your first visit. Essential cookies cannot be disabled as they are required for the website to function.

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • All data transmission uses HTTPS/TLS encryption
  • Data at rest is encrypted
  • Access to personal data is restricted to authorized personnel only
  • Regular security audits and updates
  • Secure hosting infrastructure (Vercel)

9. Right to Lodge a Complaint

If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with your national data protection authority (DPA). In the EU, you can find your DPA at European Data Protection Board.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or by posting a notice on our website. The "Last Updated" date at the top of this page indicates when the policy was last revised.

Questions or Concerns?

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

privacy@cambodia-arrival.com