PRIVACY POLICY

Oriental Bank PLC and its related bodies corporate in Cambodia and overseas are committed to protecting your privacy. All Oriental Bank PLC and its related bodies corporate are bound by the Cambodian Banking and Financial Institution Law and must protect your personal information according to Chapter XV: Professional Secrecy (Act 47). In this policy, “we”, “us” and “our” means all of Oriental Bank PLC’s related bodies corporate.

About this policy and your privacy

This policy explains how we can collect, use, hold and disclose your personal information, as well as ensuring the quality, integrity and security of your personal information under applicable Privacy Laws.

  • What is personal information?
    • Personal information includes any information or opinion, about an identified individual or an individual who can be reasonably identified from that information. The information or opinion will still be personal information whether it is true or not and regardless of whether we have kept a record of it.
      • Some examples of personal information may include your:
        • Name;
        • Mailing or residential address details;
        • Contact details such as telephone numbers, email address, social media platform user name;
        • Government issued identifiers such as National Identity Card numbers, driver’s license numbers, etc.
        • Bank account and credit card details;
        • Credit history, credit capacity, ability to be provided with credit or credit worthiness.
        • Photograph, video or audio recording; and
        • Sensitive information such as information relating to your health, biometric data, criminal history, racial or ethnic origin.

  • What kinds of personal information do we collect and hold?
    • The personal information that we collect about you will depend on the products or services that you apply for, or enquire about. If you do not allow us to collect all of the personal information we reasonably request, we may not be able to deliver those products or services to you.
    • Throughout the life of your product or service, we may also collect and hold additional personal information about you. This could include transaction information or making a record of queries or complaints you make and, if you make an insurance claim, collecting additional information to assess the claim.
    • Our collection of ‘sensitive information’, a special type of personal information under the specified Privacy Laws, is further restricted to circumstances where we have obtained your express consent and to certain other permitted situations.
    • Generally, we only collect this sort of information if it is reasonably necessary to provide you with a specific product or service and you expressly consent to our collection. For example, we may collect health information about you to process a claim under an insurance policy or to assess certain claims, including hardship, or we may collect voice biometric information to verify your identity or authorise transactions.

  • Do we collect personal information electronically?
    • We may collect information from you electronically, for instance through internet browsing on our websites, online banking services, mobile or tablet applications.
    • Each time you visit our websites, we may collect information about you which may include personal information (such personal information will be de-identified) and may include the following:
      • The date and time of visits;
      • The pages viewed and your browsing behaviour;
      • How you navigate through the site and interact with pages (including fields completed in forms and applications completed);
      • General location information;
      • Information about the device used to visit our website (including your tablet or mobile device) such as device IDs; and
      • IP addresses. Your IP address is a number that is automatically assigned to the device that you are using by your Internet Service Provider (ISP).
    • We collect information using cookies when you use our websites, online banking services, mobile or tablet applications. Cookies are small pieces of information stores on your hard drive or in memory. One of the reasons for using cookies is to offer you increased security. They can also record information about your visit to our websites, allowing us to remember you the next time you visit and provide a more meaningful experience.
    • We may also collect information from third party websites, applications or platforms containing our interactive content or that interface with our own websites and applications.
    • We may collect personal information about you from social media platforms if you publicly comment but we will never ask you to supply personal information publicly over Facebook, Twitter, Instagram or any other social media platforms that we use. Sometimes we might invite you to send your details to us via private messaging, for example, to answer a question about your account. You may also be invited to share your personal information through secure channels to participate in other activities, such as on-line competitions.

  • Personal Information about third parties
    • If we receive personal information about you that we do not request directly from you or from another party, we will decide whether we could have collected the information in accordance with this Privacy Policy and applicable Privacy Laws.
    • If we decide that we could have collected the information in accordance with this Privacy Policy and applicable Privacy laws, we will keep the information and handle it in accordance with this Privacy Policy and applicable Privacy Laws.
    • If we decide that we could not have collected the personal information in accordance with this Privacy Policy and applicable Privacy Laws, we will destroy or de-identify the information if it is lawful and reasonable to do so.

  • For what purposes do we collect, hold, use and disclose personal information?
    • The main reason we collect, use, hold and disclose personal information is to provide you with products and services (including where applicable, third party products and services) and to help us run our business. This includes:
      • Checking whether you are eligible for the product or service;
      • Assisting you where online applications are not completed;
      • Providing the product or service;
      • Helping manage the product or service;
      • Helping us develop insights and conduct data analysis to improve the delivery of products, services, enhance our customer relationships and to effectively manage risks;
      • Understanding your interest and preferences so we can tailor digital content; and
      • Our insurance, lenders mortgage insurance or re-insurance purposes.
    • We may also de-identify your personal information which we have collected for the purposes described in this Privacy Policy. As a result, this privacy policy will generally not apply to our use of de-identified information. However, we will continue to safeguard this de-identified information.
    • Where we use de-identified information together with other information (including personal information) and in doing so , we are able to identify you, that information will be treated as personal information in accordance with this Privacy Policy and applicable Privacy Laws.
    • We may disclose your information to comply with our legislative or regulatory requirements in any jurisdiction and to prevent fraud, criminal or other activity that may cause you, us or others harm including in relation to products or services.

  • How do we hold and protect your personal information?
    • Much of the information we hold about you will be stored electronically. We store some of your information in secure data centres that are located in Cambodia.. Some information we hold about you will be stored in paper files.
    • We use a range of physical, electronic and other security measures to protect the security, confidentiality and integrity of the personal information we hold both in Cambodia and overseas. For example:
      • Access to our information systems is controlled through identity and access management controls;
      • Employees and our contracted service providers are bound by internal information security policies and are required to keep information secure;
      • All employees that have access to your data are required to complete training about privacy and information security; and
      • We regularly monitor and review our compliance with internal policies and industry best practice.
    • Unfortunately, no data transmission over the internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure for example, if you feel that the security of any account you have with us has been compromised, please immediately contact us (see Contact Us below).

  • What do we disclose your personal information to, and why?
    • We may share your personal information with companies corporate that are affiliated to and within Oriental Bank PLC.
    • We may also provide personal information about individuals to organisations outside Oriental Bank PLC who help deliver or support the provision of products and services to you. To protect personal information, we enter into contracts with service providers and other third parties that require them to comply with applicable Privacy Laws and certain Oriental Bank policies and standards relating to data protection and information security. These contracts, amongst other things, require our service providers to only use the personal information we disclose to them for the specific role we ask them to perform.
    • Generally, we use contracted service providers to help us in our business activities. For example, they may help us provide you with products and services, provide us with insurance, lenders mortgage insurance or re-insurance, deliver technology or other support for our business systems, refer us to new customers, or assist us with marketing and data analysis. These organisations may include:
      • Our agents, contractors and contracted service providers (for example, mailing houses, technology service providers and cloud storage providers);
      • Authorised representatives and credit representatives who sell or arrange products and services on our behalf;
      • Insurers, lenders mortgage insurers, re-insurers and health care providers;
      • Payment systems operators (for example, merchants receiving card payments);
      • Other organisations, who jointly with us, provide products or services to you, or with whom we partner to provide products and services to you;
      • Other financial services organisations; including banks, superannuation funds, stockbrokers, custodians, fund managers and contracted service providers;
      • Debt collectors;
      • Professional advisors such as our financial advisors, legal advisors and auditors;
      • Your representatives (including your legal advisor, accountant, mortgage broker, financial advisor, executor, administrator, guardian, trustee, or attorney);
      • Fraud bureaus or other organisations to identify, investigate or prevent fraud or other misconduct;
      • External dispute resolution schemes;
      • Regulatory bodies, government agencies and law enforcement bodies in any jurisdiction; and
      • Credit reporting bodies.

  • Do we disclose personal information overseas?
    • We may disclose your personal information to a recipient located outside Cambodia. This may include the following:
      • Our contracted service providers operating overseas;
      • Organisations operating overseas with whom we partner to provide goods and services to you;
      • For international transactions, such as currency exchanges, we may need to disclose your information to the corresponding international party in order to process the transaction. The countries we disclose your information to will depend on the details of the transactions you ask us to carry out.
    • When we do disclose and/or store personal information overseas, we protect that information using the security measures set out above and require overseas recipients to do the same.
    • As a trusted service provider, we ensure that our data protection and information security controls applying to your personal information in Cambodia continue to apply in the hand of our affiliates or contracted service providers located overseas.

  • Do we use or disclose personal information for marketing?
    • We may use your personal information to directly offer you products and services we believe may be of interest and value to you but we will not do so if you tell us not to. These products and services may be offered by us or one of our preferred suppliers. We may offer you products and services by various means, including by mail, telephone, email, SMS or other electronic means, such as through social media, or targeted advertising through Oriental Bank or non-Oriental Bank websites or through our online banking service.
    • When we market products and services to you, we will comply with applicable Privacy Laws to obtain your consent if required.
    • We may also disclose your personal information to companies outside Oriental Bank PLC who assist us to market products and services to you (see Who do we disclose your information to, and why?). If you do not want to receive direct marketing offers from us or our affiliates or service providers, please contact us using the contact details or opt-out facility provided to you.

  • What kinds of personal information do we collect in order to enable the usage of our Oriental Internet/Mobile Banking “Online Banking” Services?

    The list below explains what information we collect from your device and how we use it and whether we share it. In some cases, we'll seek your permission.

    • Biometric - for login
    • Network communication - communicate with bank service
    • Storage permissions - data cache
    • Camera - scan QR, OCR for online account opening
    • Photos album - upload profile
    • Telephone permissions (device status) - determine the device identification code to ensure the security of account login
    • Mobile phone Contacts list - During the process of mobile phone number transfer, for performing Mobile Top Up etc
    • Geographic location - for Map

Access to and correction of personal information

You can request access to the personal information we hold about you. You can also ask for corrections to be made. To do so, please contact us.

There is no fee for requesting that your personal information is corrected or for us to make corrections. In some limited circumstances, there may be a reasonable charge for giving you access to your personal information. This charge covers such things as locating the information and supplying it to you.

Under Privacy Laws your right to receive access to your personal information, or make corrections to it, is not absolute and exceptions exist. For example, we are not required to give you access to your personal information where giving you access would pose a serious threat to any person’s life, health or safety, where giving access would be unlawful, where giving access would have an unreasonable impact on other people’s privacy or where we reasonably conclude your request is frivolous or vexatious.

If we refuse to give you access to or to correct your personal information, we will give you a notice explaining our reasons except where it would be unreasonable to do so. If we refuse your request to correct your personal information, you also have the right to request that a statement be associated with your personal information noting that you disagree with its accuracy.

If we refuse your request to access or correct your personal information, we will also provide you with information on how you can complain about the refusal.

Notifiable Data Breaches

If we believe there has been a data breach that impacts your personal information and creates a likely risk of serious harm, we will notify you and the relevant regulators as soon as practicable and keep in close contact with you about the nature of the breach, the steps we are taking and what you can do to reduce the impacts to your privacy.

If you believe that any personal information we hold about you has been impacted by a data breach, you can contact us using the contact details below.

Resolving your privacy concerns and complaints — your rights

If you have a question or complaint about how your personal information is being handled by us, our affiliates or contracted service providers, please contact us first by using the contact details provided below.

We will acknowledge your complaint as soon as we can after receipt of your complaint. We will let you know if we need any further information from you to resolve your complaint.

We aim to resolve complaints as quickly as possible. We strive to resolve complaints within seven (7) business days but some complaints may take longer to resolve. If your complaint is taking longer, we will let you know what is happening and a date by which you can reasonably expect a response.

If you are unhappy with our response, you can contact our Customer Support Representative who can conduct a review of your matter.

Contact Us

You can contact us in the following ways:

  • In person – at any branch;
  • Online at orientalbank.com.kh – using our secure feedback form to provide feedback, share your suggestions, provide a complaint or compliment; or
  • Emailing customerservice@orientalbank.com.kh

Changes to the Privacy Policy

We may change the way we handle personal information from time to time. If we do so, we will update this Privacy Policy. An up-to-date version of this policy is available at any time at www.orientalbank.com.kh

Need Help?

Find Us

Locate an ATM or Branch

Speak to Us

Call us at our hotline
+855 23 932 288

Download Our Mobile App

Download from App Store
or Play Store
or
App Gallery