Privacy Policy

Name;
Mailing or residential address details;
Contact details such as telephone numbers, email address, social media platform user name;
Government issued identifiers such as National Identity Card numbers, driver’s license numbers, etc.
Bank account and credit card details;
Credit history, credit capacity, ability to be provided with credit or credit worthiness.
Photograph, video or audio recording; and
Sensitive information such as information relating to your health, biometric data, criminal history, racial or ethnic origin.

What kinds of personal information do we collect and hold?

The personal information that we collect about you will depend on the products or services that you apply for, or enquire about. If you do not allow us to collect all of the personal information we reasonably request, we may not be able to deliver those products or services to you.

Throughout the life of your product or service, we may also collect and hold additional personal information about you. This could include transaction information or making a record of queries or complaints you make and, if you make an insurance claim, collecting additional information to assess the claim.

Our collection of ‘sensitive information’, a special type of personal information under the specified Privacy Laws, is further restricted to circumstances where we have obtained your express consent and to certain other permitted situations.

Generally, we only collect this sort of information if it is reasonably necessary to provide you with a specific product or service and you expressly consent to our collection. For example, we may collect health information about you to process a claim under an insurance policy or to assess certain claims, including hardship, or we may collect voice biometric information to verify your identity or authorise transactions.

Do we collect personal information electronically?

We may collect information from you electronically, for instance through internet browsing on our websites, online banking services, mobile or tablet applications.

Each time you visit our website(s), we may collect information about you which may include personal information (such personal information will be de-identified) and may include the following:

The date and time of visits;
The pages viewed and your browsing behaviour;
How you navigate through the site and interact with pages (including fields completed in forms and applications completed);
General location information;
Information about the device used to visit our website (including your tablet or mobile device) such as device IDs; and
IP addresses. Your IP address is a number that is automatically assigned to the device that you are using by your Internet Service Provider (ISP).

We collect information using cookies when you use our website(s), online banking services, and mobile or tablet applications. Cookies are small pieces of information stored on your hard drive or in memory. One of the reasons for using cookies is to offer you increased security. They can also record information about your visit to our website(s), allowing us to remember you the next time you visit and provide a more meaningful experience.

We may also collect information from third-party websites, applications, or platforms containing our interactive content or that is interfaced with our own websites and applications.

We may collect personal information about you from social media platforms if you publicly comment but we will never ask you to supply personal information publicly over Facebook, Twitter, Instagram, or any other social media platforms that we use. Sometimes we might invite you to send your details to us via private messaging, for example, to answer a question about your account. You may also be invited to share your personal information through secure channels to participate in other activities, such as online competitions.

Personal Information about third parties

If we receive personal information about you that we do not request directly from you or from another party, we will decide whether we could have collected the information in accordance with this Privacy Policy and applicable Privacy Laws.

If we decide that we could have collected the information in accordance with this Privacy Policy and applicable Privacy Laws, we will keep the information and handle it in accordance with this Privacy Policy and applicable Privacy Laws

If we decide that we could not have collected the personal information in accordance with this Privacy Policy and applicable Privacy Laws, we will destroy or de-identify the information if it is lawful and reasonable to do so.

 For what purposes do we collect, hold, use and disclose personal information?

The main reason we collect, use, hold and disclose personal information is to provide you with products and services (including where applicable, third-party products and services) and to help us run our business. This includes:

Checking whether you are eligible for the product or service;
Assisting you where online applications are not completed;
Providing the product or service;
Helping manage the product or service;
Helping us develop insights and conduct data analysis to improve the delivery of products, and services, enhance our customer relationships, and effectively manage risks;
Understanding your interest and preferences so we can tailor digital content; and
Our insurance, lenders mortgage insurance, or re-insurance purposes

We may also de-identify your personal information which we have collected for the purposes described in this Privacy Policy. As a result, this privacy policy will generally not apply to our use of de-identified information. However, we will continue to safeguard this de-identified information.

Where we use de-identified information together with other information (including personal information) and in doing so, we are able to identify you, that information will be treated as personal information in accordance with this Privacy Policy and applicable Privacy Laws.

We may disclose your information to comply with our legislative or regulatory requirements in any jurisdiction and to prevent fraud, criminal or other activity that may cause you, us, or others harm including in relation to products or services.

How do we hold and protect your personal information?

Much of the information we hold about you will be stored electronically. We store some of your information in secure data centers that are located in Cambodia. Some information we hold about you will be stored in paper files.

We use a range of physical, electronic, and other security measures to protect the security, confidentiality, and integrity of the personal information we hold both in Cambodia and overseas. For example

Access to our information systems is controlled through identity and access management controls;
Employees and our contracted service providers are bound by internal information security policies and are required to keep information secure;
All employees that have access to your data are required to complete training about privacy and information security; and
We regularly monitor and review our compliance with internal policies and industry best practices.

Unfortunately, no data transmission over the internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure for example, if you feel that the security of any account you have with us has been compromised, please immediately contact us

What companies do we disclose your personal information to, and why ?

We may share your personal information with companies corporate that are affiliated to and within HENG GENG ( CAMBODIA ) BANK PLC.

We may also provide personal information about individuals to organizations outside HENG FENG (CAMBODIA) BANK PLC. who help deliver or support the provision of products and services to you. To protect personal information, we enter into contracts with service providers and other third parties that require them to comply with applicable Privacy Laws and certain HENG FENG (CAMBODIA) BANK PLC. policies and standards relating to data protection and information security. These contracts, amongst other things, require our service providers to only use the personal information we disclose to them for the specific role we ask them to perform.

Generally, we use contracted service providers to help us in our business activities. For example, they may help us provide you with products and services, provide us with insurance, lenders mortgage insurance or re-insurance, deliver technology or other support for our business systems, refer us to new customers, or assist us with marketing and data analysis. These organizations may include:

Our agents, contractors, and contracted service providers (for example, mailing houses, technology service providers, and cloud storage providers);
Authorized representatives and credit representatives who sell or arrange products and services on our behalf;
Insurers, lenders mortgage insurers, re-insurers, and health care providers;
Payment systems operators (for example, merchants receiving card payments);
Other organizations, who jointly with us, provide products or services to you, or with whom we partner to provide products and services to you;
Other financial services organizations; including banks, superannuation funds, stockbrokers, custodians, fund managers, and contracted service providers;
Debt collectors;
Professional advisors such as our financial advisors, legal advisors, and auditors;
Your representatives (including your legal advisor, accountant, mortgage broker, financial advisor, executor, administrator, guardian, trustee, or attorney);
Fraud bureaus or other organizations to identify, investigate or prevent fraud or other misconduct;
External dispute resolution schemes;
Regulatory bodies, government agencies, and law enforcement bodies in any jurisdiction; and
Regulatory bodies, government agencies, and law enforcement bodies in any Credit reporting bodies.

Do we disclose personal information overseas?

We may disclose your personal information to a recipient located outside Cambodia. This may include the following: Our contracted service providers operating overseas; Organizations operating overseas with whom we partner to provide goods and services to you
For international transactions, such as currency exchanges, we may need to disclose your information to the corresponding international party in order to process the transaction. The countries we disclose your information to will depend on the details of the transactions you ask us to carry out.

When we do disclose and/or store personal information overseas, we protect that information using the security measures set out above and require overseas recipients to do the same.

As a trusted service provider, we ensure that our data protection and information security controls applying to your personal information in Cambodia continue to apply in the hand of our affiliates or contracted service providers located overseas.

Do we use or disclose personal information for marketing?

We may use your personal information to directly offer you products and services we believe may be of interest and value to you but we will not do so if you tell us not to. These products and services may be offered by us or one of our preferred suppliers. We may offer you products and services by various means, including by mail, telephone, email, SMS, or other electronic means, such as through social media, and targeted advertising through HENG FENG (CAMBODIA) BANK PLC. or other websites, or through our online banking service.

When we market products and services to you, we will comply with applicable Privacy Laws to obtain your consent if required.

We may also disclose your personal information to companies outside HENG FENG (CAMBODIA) BANK PLC. who assist us to market products and services to you (see Who do we disclose your information to, and why?). If you do not want to receive direct marketing offers from us or our affiliates or service providers, please contact us using the contact details or opt-out facility provided to you. Access to and correction of personal information

You can request access to the personal information we hold about you. You can also ask for corrections to be made. To do so, please contact us.
There is no fee for requesting that your personal information is corrected or for us to make corrections. In some limited circumstances, there may be a reasonable charge for giving you access to your personal information. This charge covers such things as locating the information and supplying it to you.

Under Privacy Laws your right to receive access to your personal information, or make corrections to it, is not absolute and exceptions exist. For example, we are not required to give you access to your personal information where giving you access would pose a serious threat to any person’s life, health, or safety, where giving access would be unlawful, where giving access would have an unreasonable impact on other people’s privacy or where we reasonably conclude your request is frivolous or vexatious.

If we refuse to give you access to or correct your personal information, we will give you a notice explaining our reasons except where it would be unreasonable to do so. If we refuse your request to correct your personal information, you also have the right to request that a statement be associated with your personal information noting that you disagree with its accuracy.

If we refuse to give you access to or correct your personal information, we will give you a notice explaining our reasons except where it would be unreasonable to do so. If we refuse your request to correct your personal information, you also have the right to request that a statement be associated with your personal information noting that you disagree with its accuracy.

Notifiable Data Breaches

If we believe there has been a data breach that impacts your personal information and creates a likely risk of serious harm, we will notify you and the relevant regulators as soon as practicable and keep in close contact with you about the nature of the breach, the steps we are taking and what you can do to reduce the impacts to your privacy.

If you believe that any personal information we hold about you has been impacted by a data breach, you can contact us Resolving your privacy concerns and complaints — your rights

If you have a question or complaint about how your personal information is being handled by us, our affiliates, or contracted service providers, please contact us first by using the contact details provided below.

We will acknowledge your complaint as soon as we can after receipt of your complaint. We will let you know if we need any further information from you to resolve your complaint

We aim to resolve complaints as quickly as possible. We strive to resolve complaints within seven (7) business days but some complaints may take longer to resolve. If your complaint is taking longer, we will let you know what is happening and a date by which you can reasonably expect a response.

If you are unhappy with our response, you can contact our Customer Service who can conduct a review of your matter.

Contact Us

You can contact us in the following ways:

In-person – at any branch;
Online at www.hfcommercialbank.com (Website) – via our secure feedback form to provide feedback, share your suggestions, provide a complaint or compliment; or
Emailing infors@hfcommercialbank.com

Changes to the Privacy Policy

We may change the way we handle personal information from time to time. If we do so, we will update this Privacy Policy. An up-to-date version of this policy is available at any time at www.hfcommercialbank.com