Personal Data Protection Commitment Charter

All Dreams Cambodia places great importance on protecting the personal data of its customers, and takes great care to follow Regulation (EU) 2016/679 on personal data protection, which came into force on 25 May 2018.

This regulation, which strengthens the rights of natural persons regarding their data, places the responsibility for protecting personal data belonging to those residing in the European Union firmly in the hands of all those involved in its Processing, regardless of whether the latter are based inside or outside the European Union. It also requires them to be transparent in doing so.

It is for this reason that All Dreams Cambodia follows the present Charter, which lays out a series of obligations it must follow when Processing personal data belonging to customers of All Dreams Cambodia.

1. Definitions

For the purposes of the present Charter, the terms below shall have the following meanings:

‘Customers’ is used in a generic sense to refer to customers and prospects of All Dreams Cambodia. This includes individuals who request information from All Dreams Cambodia regarding a package holiday and those who purchase a package holiday from it. It also covers those who go on said package holidays.

‘Personal Data’ means any information which can be used to identify, directly or indirectly, Customers of All Dreams Cambodia, in particular by reference to an identifier such as a surname, name, email address, postal address, passport number, etc.

‘Applicable legislation’ refers to Regulation (EU) 2016/679 (the General Data Protection Regulation) (hereinafter referred to as the ‘GDPR’) and all other laws and regulations which transpose, implement or complement it.

‘ADC’ refers to All Dreams Cambodia, acting in its capacity as the Controller.

‘Services’ refers to the services involving the design and implementation of package holidays provided by ALL DREAMS CAMBODIA.

‘Destination Management Company’ means any service provider involved in designing or implementing all or part of a package holiday on behalf of ADC. The Destination Management Company shall process Personal Data in its capacity as the Processor.

The terms used in the present Charter which begin with a capital letter (‘Data Subject’, ‘Processing’, ‘Controller’, ‘Processor’ and ‘Personal Data Breach’) shall have the meaning given to them in Applicable Legislation and in particular Article 4 of the GDPR.

2. Purpose

The purpose of the present Charter is to lay out the conditions under which All Dreams Cambodia, as the Processor, undertakes to carry out Processing operations involving the Personal Data, as the Controller, in the course of the provision of its Services.

3. Description of the Processing Undertaken by the Processor

The purposes of Processing, categories of Data Subjects, Personal Data processed and security measures put into place to ensure its confidentiality and integrity are found in the table included in the annex to the present Charter.

4. Compliance

All Dreams Cambodia undertakes to act in accordance with Applicable Legislation in the course of the provision of its Services.

5. Obligations of Destination Management Companies

Following instructions: ADC shall process the Personal Data for the sole purpose of providing the Services in the form of written instructions provided by the latter.

Security of Personal Data: ADC has implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk presented by the Processing of the Personal Data, as well as to protect the Personal Data from accidental or unlawful destruction, accidental loss, alteration, or unauthorised disclosure or access.

Confidentiality of Personal Data: ADC ensures that the Personal Data remains confidential by having in place appropriate internal systems. As such, ADC undertakes to ensure that persons authorised to process the Personal Data keep it confidential and receive appropriate training.

Keeping records of Processing activities: the Service Provider undertakes to keep up-to-date records of Processing activities involving Personal Data belonging to Customers of ADC in accordance with Applicable Legislation, as well as make these records available.

6. Ownership of Personal Data

All Personal Data disclosed by ADC to a third party and/or collected on behalf of ADC in the course of the provision of the Services shall remain the sole property of ADC. The Destination Management Company undertakes to refrain from adding the Personal Data to its own databases or data files.

7. Period of Storage of Personal Data

Personal Data belonging to Customers of ADC will be stored and archived for the entire duration of the package holiday of the Customer in question, and for a period of three months following the end of said package holiday. Beyond this period, Personal Data belonging to Customers will be destroyed, except where it needs to be stored for longer for the purpose of allowing the latter to fulfil its legal obligations regarding the storage of Personal Data.

8. Changes to the Charter

ADC reserves the right to make changes to the present Charter at any time, including in response to changes to Applicable Legislation. In such cases, ADC will publish the new version on its website, and notice of said changes will be given in this way.