Our Commitment to Protecting Your Personal Information

Khmer Movement for Democracy Inc. (the “Organization”) is preparing to launch an online election platform at https://khmermovementfordemocracy.org/ that will enable account creation and participation from users located in Japan, South Korea, and the European Union. We understand that you may have questions and concerns regarding how your personal information will be collected, used, and protected. This notice summarizes the comprehensive measures the Organization has implemented to safeguard your data privacy in accordance with Japan’s Act on the Protection of Personal Information (“APPI”), South Korea’s Personal Information Protection Act (“PIPA”), the European Union’s General Data Protection Regulation (“GDPR”), and other applicable data protection laws.

Transparency and Informed Consent.

Before you create an account or provide any personal information, you will have full access to our Privacy Policy, which explains in clear, plain language, what information we collect, why we collect it, and how we use it.  Our account creation process includes clear, separate consent mechanisms for different purposes of data use, including general data collection, cross-border data transfers, and any third-party disclosures.  You will never be required to consent to uses of your data beyond what is necessary to participate in our platform.  For users in Japan, the Privacy Policy and relevant notices are available in Japanese; for users in South Korea, a Korean-language translation is provided as required by PIPA.

Limited Data Collection and Purpose.

We are committed to collecting only the minimum personal information necessary to operate the election platform and fulfill your requests.  In accordance with the GDPR’s principles of data minimization and purpose limitation, we ensure that personal data collected from EU residents is adequate, relevant, and limited to what is necessary for the specific purposes for which it is processed.  The categories of information we may collect include identifiers (such as your name, email address, and contact information), account credentials, and information related to your interactions with our website.

We will use your personal information only for the specific purposes disclosed to you, including providing our services, processing your participation in the election, communicating with you about your account, and complying with legal obligations.  We will not use your information for purposes beyond what we have disclosed without first notifying you and obtaining your consent.

Enhanced Protections for Sensitive Information.

We recognize that participation in an election platform may involve information that is considered sensitive under applicable laws, such as political opinions, racial or ethnic origin, creed, or religious beliefs, referred to as “Special Care-Required Personal Information” under APPI and “special categories of personal data” under the GDPR.  We have implemented separate consent mechanisms requiring explicit prior opt-in consent before collecting any such sensitive information, with specific safeguards to ensure such data is processed only when strictly necessary and in compliance with applicable law, including Article 9 of the GDPR.  The platform requires all users to be at least 18 years of age, and we have implemented age verification procedures to ensure we do not collect personal information from minors.

Cross-Border Data Transfers.

Your personal information will be transferred to and processed on servers located in the United States, where the Organization is headquartered, and we have implemented appropriate safeguards for such transfers.  Our Privacy Policy includes detailed disclosures regarding cross-border transfers as required by APPI, PIPA, and the GDPR, including information about the destination country, recipient, purpose, retention period, and security measures.

For EU residents, where transfers are made to countries without an adequacy decision from the European Commission, we rely on standard contractual clauses to ensure adequate protection.  You have the right to refuse cross-border transfers; however, refusal may prevent us from providing certain services.

Technical and Organizational Security Measures.

We have implemented comprehensive technical and organizational security measures designed to protect your personal information from unauthorized access, loss, alteration, and disclosure.  These measures include encryption of data both at rest and in transit using SSL/TLS technology, storage on secure servers protected by firewalls, access controls and authentication procedures to limit who can access your data, malware protection and vulnerability management, and audit mechanisms to detect and respond to potential security incidents.  We also require our third-party service providers to enter into contractual arrangements that obligate them to maintain the confidentiality of your personal information and prohibit its use for purposes other than providing services on our behalf.

Designated Privacy Officers and Representatives.

In accordance with PIPA, the Organization has designated a Chief Privacy Officer responsible for overseeing personal information handling and addressing data protection matters.  Additionally, the Organization has appointed a domestic representative in South Korea whom you may contact regarding privacy concerns.  For Japanese users, the Organization has designated a person responsible for personal information handling in accordance with guidelines issued by Japan’s Personal Information Protection Commission.  For EU users, the Organization has designated internal personnel responsible for overseeing GDPR compliance and coordinating data protection matters, who can be contacted at the email address provided below.

Your Data Protection Rights.

Under APPI, PIPA, and the GDPR, you have significant rights regarding your personal information, including the right to be informed about how your data is used, the right to access your data, the right to request correction or deletion of inaccurate data, and the right to request cessation or restriction of processing.  Additionally, EU residents have the right to data portability, the right to object to certain types of processing, and rights relating to automated decision-making.  We will respond to requests within ten days for South Korean residents (as required by PIPA) and within one month for EU residents (as required by the GDPR), free of charge unless requests are manifestly unfounded or excessive.

You may exercise any of these rights by contacting us at contact@khmermovementfordemocracy.com.  We will not discriminate against you for exercising any of your rights under APPI, PIPA, or the GDPR.

Data Retention and Deletion.

We will retain your personal information only for as long as necessary to fulfill the purposes for which it was collected.  Generally, account information will be retained for six (6) months following the termination of your account, after which it will be securely deleted or anonymized.  You have the right to request deletion of your personal information at any time, subject to our legal obligations.

Data Breach Response.

We have developed internal breach response procedures to ensure we can respond quickly and effectively in the unlikely event of a data breach affecting your personal information.  If a breach occurs that is likely to harm your rights and interests, we will notify the relevant regulatory authorities within seventy-two (72) hours, including Japan’s Personal Information Protection Commission, South Korea’s PIPC and KISA, and for EU residents, the competent EU supervisory authority as required under Article 33 of the GDPR.  Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify affected individuals promptly as required under Article 34 of the GDPR.  We will provide information about the nature of the breach, the categories of personal information affected, and the measures taken to address it.

Contact Information.

If you have any questions or concerns about your privacy or how we handle your personal information, please contact us at contact@khmermovementfordemocracy.com or write to us at 111 Fitchburg Road, Ayer, Massachusetts 01432.  South Korean residents may also contact our domestic representative in South Korea.  Japanese, South Korean, and EU residents also have the right to lodge complaints with their respective data protection authorities if they believe their rights have been violated.  EU residents may contact their national data protection authority, and information regarding supervisory authorities can be found on the European Data Protection Board website.  Residents of Switzerland may contact the Federal Data Protection and Information Commissioner, and residents of the United Kingdom may contact the Information Commissioner’s Office.

• We are committed to earning and maintaining your trust by handling your personal information responsibly and transparently in accordance with the GDPR’s core principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability.  Your participation in our platform is important to us, and we take our obligations to protect your privacy under APPI, PIPA, the GDPR, and all other applicable data protection laws seriously.