1. Scope
This Policy applies to data collected by the App when installed on a mobile device and while the App is used to scan QR codes placed on or associated with vehicles. The App is designed to display vehicle information embedded in QR codes and, depending on configuration, to optionally enrich or synchronize such information with our backend services.
2. Information We Collect
2.1 QR Code Data (Primary)
We collect and process the data encoded in scanned QR codes. Typical elements include vehicle identifiers (e.g., VIN, registration number), make/model data, maintenance links, and public metadata. This information is supplied by the QR code itself and is necessary for the App to deliver its core functionality.
2.2 Device & Diagnostic Data
We may collect non‑identifying device metadata required for performance, troubleshooting, and analytics: OS version, device model, App version, crash logs, and anonymized usage metrics. We do not intentionally collect persistent hardware identifiers unless you opt in to diagnostic submission.
2.3 User‑Provided Data
If you choose to register an account, provide feedback, or share a scanned vehicle record, we will collect the information you submit (name, email, notes). Account creation is optional and not required to use basic scanning features.
2.4 Location Data (Optional)
The App may request your device's approximate location to enable location‑tagging of scans or location‑based services. Location access is strictly opt‑in and can be disabled in the App or device settings.
2.5 Third‑Party Services
We may integrate third‑party analytics and crash reporting services. These providers collect the data necessary to offer their services and are contractually bound to process data only on our behalf.
3. How We Use Information
We process collected data for the following business and operational purposes:
- Core functionality: Decode QR codes and present the vehicle information to the user.
- User experience & product improvement: Analytics and diagnostics to improve App stability and features.
- Support & communication: Respond to user inquiries, provide updates, and process account-related actions.
- Fraud prevention & security: Detect and mitigate abusive behavior and protect App integrity.
4. Legal Basis for Processing (where applicable)
For users in jurisdictions that require specification of legal bases (e.g., the EU), our processing relies on the following bases:
- Contractual necessity: to provide the App's requested functionality.
- Consent: where you have opted into optional features (e.g., location, analytics sharing).
- Legitimate interests: for fraud prevention, product improvement, and operational security, balanced against user privacy interests.
5. Sharing & Disclosure
We do not sell personal data. We may disclose information in the following limited circumstances:
- Service providers: vendors who perform services on our behalf (hosting, analytics, customer support).
- Legal obligations: when required by law, court order, or to respond to lawful requests by public authorities.
- Business transfers: in connection with a merger, acquisition, or sale of assets — with notice to affected users where required.
6. On‑Device Processing vs. Cloud
Default behavior: QR code decoding and immediate display of vehicle information occur on the user’s device. We consider on‑device processing the privacy‑preserving default and strongly prefer it. Certain optional features (e.g., cross‑device sync, enhanced data enrichment, or remote backup) may transmit scan data to our servers only with explicit user consent. You retain control over whether data leaves your device.
7. Security
We implement reasonable administrative, technical, and physical safeguards to protect data against unauthorized access and disclosure. While we strive for best‑in‑class security, no system is invulnerable, and we cannot guarantee absolute security. We continuously evaluate and harden our systems against emerging threats.
8. Data Retention
We retain data only as long as necessary to fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce agreements. Specific retention periods:
| Data Type | Retention Period |
|---|---|
| QR scan content (on‑device) | Until deleted by user (default: retained locally) |
| Account data (if created) | Account lifetime + 2 years for backups and compliance |
| Analytics & diagnostics | Aggregated/anonymized: 2 years; Raw diagnostics: 90 days |
9. Your Privacy Rights
Subject to local law, you may have rights including:
- Access the personal data we hold about you.
- Request correction or deletion of personal data.
- Object to or restrict processing in certain circumstances.
- Request data portability where technically feasible.
- Withdraw consent where processing is based on consent.
To exercise these rights, contact us at the address below. We may need to verify your identity before fulfilling requests.
10. Cambodia Privacy Notice
If you are a resident of Cambodia, you have specific rights under local law and regulations. You may request disclosure of categories of personal information collected and the purposes for which they are used, and you may request deletion of your personal data where permitted by law. To submit a request, please use the contact information below and include "Cambodia Privacy Request" in the subject line. We will respond in accordance with applicable Cambodian data protection requirements.
11. Third‑Party Links & Services
The App may link to external services or display content provided by third parties. This Policy does not apply to third‑party practices; we encourage you to review their privacy notices before interacting with them.
12. International Transfers
Data processed on our servers may be transferred to and maintained on servers located outside your jurisdiction. Where required, we will take steps to ensure adequate protections for such transfers (e.g., contractual safeguards).
13. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or applicable law. When we make material changes, we will post a notice within the App and update the Effective Date above. Continued use of the App after changes constitutes acceptance of the updated Policy.
14. Contact Us
If you have questions, requests, or complaints about this Policy, please contact our Data Protection Officer:
MAT Mobile Solutions
Phone: +855 88 7979 755
Telegram: @P_t20
Postal: Ministry of National Defence, Phnom Penh, Cambodia