The Company will collect information you provide directly or information received from providing services through all channels, as follows:

• Name and Surname (Lao and English)
• Phone Number
• Email
• ID Card, Driver's License, or Passport Number (including photos)
• Bank Account Number
• Business Type
• Website or Platforms connected to PhaJay
• Transaction Information

The Company uses your information for the following purposes:

• To verify and identify the account owner using the system.
• As a channel for communication, notifications, or receiving various information.
• To offer benefits, promotions, products, and related services.
• For the Company's business operations, such as data analysis, auditing, new product development, and service improvement.
• For necessary and appropriate operations, such as:
• • Monitoring and preventing illegal activities.
• • Protecting the Company's business operations, rights, safety, or property, as well as that of personnel and data subjects.
• • Assisting, preventing, or limiting potential damages.
• To comply with legal regulations or investigations by officials.

The Company will collect or disclose your personal data only under the following conditions:

• You have given consent to the Company.
• To prevent or suppress danger to life, property, or freedom.
• It is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company.
• For the legitimate interests of the Company or another person or legal entity.
• To comply with legal regulations.

4.1 Disclosure of Personal Information

The Company may disclose personal information to third parties in the following cases:

• Affiliated Companies: For marketing and operational purposes.
• Government Agencies: To comply with laws, requests, or coordination related to law enforcement.

4.2 Transfer of Personal Data Abroad

In the event of transferring data abroad (e.g., using Cloud services), the Company will establish standards in its agreements to ensure the recipient organization has data management standards that comply with the law and that the data is managed securely (e.g., through encryption).

The Company is aware of information security and adheres to international standards (e.g., using Private Key and Public Key) to protect data from leaks, alteration, or loss. We have the following measures:

• Access Control: Limiting access rights only to individuals who need to use the data.
• Confidentiality: Individuals with access must strictly adhere to data protection measures.
• Third-Party Agreements: The Company will stipulate appropriate data security measures when contracting with third parties.

You have legal rights under the Company's terms and policies, as follows:

• Right to Withdraw Consent: You can withdraw your consent at any time, unless restricted by law or an existing contract.
• Right to Access: You have the right to access your data via your account system or request a copy from the Company.
• Right to Data Portability: You have the right to receive your data in a machine-readable format and request the Company to send it to another controller (if technically feasible).
• Right to Object: You have the right to object to the collection of your data based on legitimate interests. The Company will only continue processing if it can demonstrate compelling legal grounds that override your fundamental rights.
• Right to Restrict Processing: You have the right to temporarily restrict the use of your data while the Company is reviewing your request to correct or object to it.
• Right to Rectification: You have the right to correct your data to be accurate and current.
• Right to Complain: You have the right to lodge a complaint with the competent authority if you believe the collection of your data violates the law.

This policy outlines the process for resolving disputes between contracting parties or stakeholders, comprising the following steps: