MONAKOM TECHNOLOGY

Privacy Statement

Effective Date: March 11, 2026

About Us & Our Commitment to Your Privacy

At MONAKOM TECHNOLOGY Co., Ltd., our vision is to be Cambodia's leading technology company, powering the digital future of businesses and becoming the first Cambodian software brand to expand internationally. We aim to support the Royal Government of Cambodia's national digitization strategy while empowering micro, small, and medium enterprises (MSMEs) with smart, scalable technology.

Driven by our core values Innovation with Purpose, Simplicity & Usability, Integrity & Trust, Empowerment through Technology, Courage to Lead, and Collaboration & Community, we are committed to transparency, accountability, and doing the right thing. This Privacy Statement reflects our dedication to providing an enterprise-grade, secure infrastructure for all our SaaS solutions, ensuring your data is handled with the highest global standards of professionalism and integrity.

1. Scope

This Privacy Statement describes how MONAKOM TECHNOLOGY Co., Ltd. and its subsidiaries and affiliates (collectively "MONAKOM", "we", "us", and/or "our") collects, uses, shares, and protects your personal information. This Statement primarily covers:

• Merchants & Business Clients: Businesses that use our connected ecosystem of enterprise-grade SaaS solutions—including systems for sales, HR, inventory, accounting, operations, and commerce.
• Merchant Employees: Staff members and employees of our Merchants who interact with our software systems (e.g., POS, HR, and scheduling interfaces).
• Guests & End-Consumers: Individuals who use our Services at one of our Merchant's establishments, through our digital ordering platforms, or via a business partner.
• Website Visitors & Partners: Individuals who visit www.monakom.com, engage with our community-based channels, or collaborate with us strategically.

2. Definitions

• "Services" refers to the beautiful, seamless, and intelligent software systems and products developed by MONAKOM, including:
  • Core Point-of-Sale (POS) systems, Android applications, and hardware;
  • Enterprise-grade SaaS solutions for HR, inventory, accounting, operations, and commerce;
  • Payment processing and flexible integrations with financial, logistics, and commercial platforms;
  • Digital ordering services (online ordering, delivery, contactless pay);
  • Application Programming Interfaces (APIs) and third-party integrations.
• "You" and/or "your" refers to a Merchant, a Merchant Employee, a Guest, a Website visitor, or any other covered data subject.

3. Personal Information We Collect

To deliver technology that feels like magic—easy to use and powerful under the hood—we collect the following categories of personal information:

A. Information Collected from Merchants and Business Clients

• Identity & Contact Data: Name, business name, business address, email address, phone number, and official identification/tax numbers necessary for compliance and accounting software.
• Financial & Transaction Data: Bank account details, billing addresses, and payment histories required for subscription billing and financial integrations.
• Business Operations Data: Inventory logs, sales data, and operational metrics processed on your behalf through our SaaS solutions.

B. Information Collected from Guests (End-Consumers)

• Transaction Data: Goods/services ordered, payment method, payment card information (processed securely through certified PCI-DSS compliant gateways), and order history.
• Contact & Loyalty Data: Name, phone number, and email address provided for digital receipts, waitlists, reservations, or loyalty program enrollment.
• Preferences: Dietary restrictions, special requests, and direct feedback.

C. Information Collected from Merchant Employees

• HR & Workforce Data: Name, contact details, role, shift/scheduling information, and payroll data if the Merchant utilizes our HR and accounting modules.
• System Access Data: Usernames, passwords, and access logs for our software interfaces.

D. Mobile App & Device Permissions (Android & iOS)

To provide seamless functionality, our POS applications may request the following device permissions. You can manage these in your device settings:

• Camera Access: Required to scan barcodes, QR codes for payments, or inventory management.
• Location & Bluetooth Services: Required to connect securely with nearby hardware (e.g., Bluetooth receipt printers, card terminals) and to facilitate delivery routing.
• Storage & Local Network: Required to cache data for offline-mode operations, ensuring reliable performance even without an internet connection, and to communicate with local network printers.

E. Information Collected Automatically

• Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting, operating system, and unique device identifiers (e.g., Android Advertising ID).
• Usage Data: Information about how you use our websites and apps, crash logs, and performance metrics, ensuring a user-friendly and stable experience.

4. How We Use Personal Information & Legal Basis

In alignment with our mission to help businesses operate effectively and grow with confidence, we process your data under the following legal bases (Contractual Necessity, Legitimate Interest, Legal Obligation, or Consent) for these purposes:

• To Provide and Maintain Our Services (Contract): Managing user accounts, processing transactions, hosting enterprise-grade SaaS infrastructure, and enabling our POS Android app functionalities.
• To Improve and Innovate (Legitimate Interest): Utilizing data to design intuitive experiences, develop new software features, and scale our solutions for micro to large enterprises.
• For Security and Integrity (Legitimate Interest & Legal): Monitoring our systems to prevent fraud, unauthorized access, and cyber threats.
• For Customer Support (Contract & Legitimate Interest): Responding to inquiries, troubleshooting technical issues, and providing community-based support.
• For Marketing and Communications (Consent & Legitimate Interest): Sending updates about new features, strategic partnerships, and promotional offers.
• To Fulfill Legal Obligations (Legal): Complying with financial, accounting, tax, and consumer protection regulations globally and within the Kingdom of Cambodia.

5. Sharing of Information

We grow by working together. To build an ecosystem where everyone benefits, we may share your information under strict confidentiality agreements with:

• Strategic Partners & Integrations: Third-party financial institutions (banks), payment processors, logistics providers, and commercial platforms that integrate seamlessly with MONAKOM's software.
• Service Providers: Trusted vendors who assist us with cloud hosting (e.g., AWS, Google Cloud), data analytics, communication, and security monitoring.
• Merchants: If you are a Guest or Employee, relevant data is shared directly with the Merchant whose business you are interacting with or employed by.
• Legal Authorities: When required by law, regulation, subpoena, or legal process to protect the rights, property, and safety of MONAKOM, our clients, or the public.
• Business Transfers: In the event of a merger, acquisition, or international expansion, your data may be transferred as a business asset, always under the protection of this Privacy Statement.

6. Data Security & Breach Notification

We take our core value of Integrity & Trust seriously. MONAKOM employs enterprise-grade technical, administrative, and physical security measures designed to protect your data. This includes TLS/SSL encryption of data in transit, AES encryption at rest, secure server infrastructure, and strict role-based access controls.

In the unlikely event of a data breach that compromises your personal information, we will notify you and the relevant regulatory authorities in accordance with applicable global data protection laws.

7. Retention of Personal Information

We retain personal information only for as long as is necessary to fulfill the purposes outlined in this Statement, including the provision of our SaaS solutions, compliance with legal and accounting obligations, dispute resolution, and contract enforcement. Once data is no longer needed, it is securely deleted, purged, or anonymized.

8. International Data Transfers

As MONAKOM aims to be the first Cambodian software brand to go global, your information may be transferred to, and maintained on, highly secure cloud servers located outside of your state, province, or country. We ensure that any international data transfers comply with applicable global data protection laws (such as GDPR), utilizing standard contractual clauses and robust security protocols.

9. Cookies and Other Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Services. These technologies help us provide a seamless user experience, remember your preferences, and analyze system performance. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

10. Your Rights, Choices, and Data Deletion

We empower you with control over your personal data. Depending on your jurisdiction, you have the right to:

• Access the personal information we hold about you.
• Correct any inaccurate or incomplete data.
• Restrict or Object to our processing of your data.
• Data Portability: Request a copy of your data in a structured, machine-readable format.
• Data Deletion (Right to be Forgotten): You have the right to request the permanent deletion of your account and associated personal data.

How to Request Data Deletion:

You can request the deletion of your personal data by contacting us directly at the email provided below. If you are using our mobile applications, you may also initiate an account deletion request directly through the app's settings menu (Profile > Security > Delete Account). We will process your request within 30 days, subject to legal and operational retention requirements (such as transaction records required for tax purposes).

Note for Merchant Employees & Guests: If your data is controlled by a specific Merchant utilizing our software, you may need to direct your data deletion or access requests directly to that Merchant, as MONAKOM acts as a data processor on their behalf.

11. Children’s Privacy

Our Services are designed for business operations and are not directed at children under the age of 16. We do not knowingly collect personal information from children. If we become aware of such collection, we will take immediate steps to delete the information securely.

12. Changes to this Privacy Statement

We have the courage to lead and take bold steps into the future. As our technology and international presence evolve, we may update this Privacy Statement. We will notify you of any material changes by posting the new Privacy Statement on this page, updating the "Effective Date," and, where appropriate, notifying you via email or in-app alerts.

13. How to Contact Us

Collaboration and community are at the heart of what we do. If you have any questions, concerns, or requests regarding this Privacy Statement, our data practices, or how to exercise your rights, please contact our Data Protection Officer at:

MONAKOM TECHNOLOGY Co., Ltd.
BORVOR OFFICE COMPLEX – 3F, 3031 STREET 2004, O'BAEK K'ORM,
SEN SOK, PHNOM PENH, KINGDOM OF CAMBODIA

Website: www.monakom.com

Email: [email protected]

Phone: 087 666 530/ 087 666 187

This Privacy Statement is designed to meet Google Play Store requirements, international data protection standards (such as GDPR), and reflects MONAKOM's commitment to delivering enterprise-grade, impactful technology from Cambodia to the world.