APEX DEFENCE

1. Purpose and Scope

This Privacy Policy ("Policy") establishes the framework through which APEX DEFENCE CO., LTD. ("APEX DEFENCE", "we", "our", or "us") collects, uses, protects, and manages personal information obtained through its corporate website and related online channels within the Kingdom of Cambodia.

The Policy applies solely to information handled through the APEX DEFENCE website and electronic correspondence. It reflects compliance with the Cambodian Law on the Protection of Personal Data (2021), the EU General Data Protection Regulation (GDPR), the EU ePrivacy Directive (2002/58/EC), and applicable defense-sector standards.

When visitors browse or interact with our website, only minimal technical information necessary for system security and functionality is collected. If a visitor submits an inquiry, the communication travels through a secure encrypted channel directly to authorized APEX DEFENCE personnel. No behavioral profiling, analytics, or advertising tracking occurs.

2. Legal Framework and Guiding Principles

APEX DEFENCE processes all personal data in accordance with:

• the Law on the Protection of Personal Data (2021);
• the Royal Decree on the Organization and Functioning of the Ministry of National Defense (1994);
• Sub-Decree No. 70 ANK/BK (2016) establishing the National Cybersecurity Framework; and
• international standards ISO/IEC 27001 and ISO/IEC 27701.

We uphold the principles of lawfulness, fairness, and transparency; limit collection to data necessary for legitimate purposes; and implement appropriate measures to preserve confidentiality, integrity, and availability.

For example, when a user voluntarily provides contact details to request information, that information is processed exclusively for responding to the inquiry and is subsequently archived or deleted in accordance with statutory retention requirements.

3. Information Collected Through the Website

Our website serves an informational purpose only. We do not employ forms or technologies that collect personal information beyond what is essential for technical operation.

APEX DEFENCE may receive:

• Technical Data: such as IP address, browser type, and timestamp — recorded temporarily for network-security monitoring.
• Inquiry Data: if a user sends an email to APEX DEFENCE, the message will contain the sender's name and email address, used solely to respond to the query.
• Compliance Records: limited correspondence retained to comply with Cambodian legal or defense-sector obligations.

When an individual contacts APEX DEFENCE via email, the message travels through a secure HTTPS connection to our web server, passes through an encrypted mail gateway, and is delivered to the Data Protection Officer (DPO). After review, it is either archived under controlled access or permanently deleted.

4. Lawful Basis for Processing

APEX DEFENCE relies on lawful grounds under Article 7 of the Data-Protection Law:

• Consent — where a visitor voluntarily provides data;
• Legal Obligation — to comply with statutory or regulatory requirements; and
• Legitimate Interest — to ensure secure and functional website operations.

Data collected is never used for marketing or automated decision-making. For instance, if a visitor submits an inquiry about APEX DEFENCE services, the information is processed only to facilitate communication and maintain a record of correspondence, then deleted once no longer required.

5. Data Security and Confidentiality

We apply layered technical and organizational controls aligned with Article 17 of the Data-Protection Law and ISO/IEC 27001.

All data exchanged through our website is encrypted via HTTPS. Incoming messages are filtered through an anti-malware and intrusion-detection gateway before reaching internal mail servers. Only the DPO and authorized IT Security staff may access these systems. Multi-factor authentication (MFA), firewall segmentation, and audit logging protect the network from unauthorized access.

In practice, when a visitor submits an email inquiry, the message is automatically logged for traceability, reviewed by the DPO for relevance and security, and then handled through encrypted communication channels until completion.

6. Retention and Deletion of Data

Personal data is retained only for as long as necessary to fulfil its purpose or to meet legal obligations.

Typical retention periods are:

• Technical logs – stored for no longer than 24 hours for system diagnostics;
• Inquiry correspondence – retained for up to two years to maintain business records;
• Legal or contractual data – retained for up to seven years under statutory requirements.

After the relevant retention period expires, the DPO initiates secure deletion or anonymization procedures using certified destruction methods.

In operational terms, each inquiry follows a defined lifecycle: collection through email, secure storage within the encrypted server, controlled access for handling or reply, retention for the prescribed duration, and then permanent erasure to ensure no residual data remains.

7. Cookies and Tracking Technologies

The APEX DEFENCE website employs only strictly necessary cookies that support basic technical operation and security. No analytics, advertising, or third-party tracking tools are used.

When a visitor first accesses the site, a brief cookie notification appears to acknowledge the use of essential session cookies. These temporary cookies store minimal information required for maintaining secure connections and expire automatically when the browser closes. They cannot be used to identify individual visitors or track activity across websites.

Technical Measures

• Encrypted Transmission: All web traffic is protected through Transport Layer Security (TLS/HTTPS) to ensure confidentiality and integrity of communications.
• Secure Hosting Infrastructure: Servers are maintained in professionally managed facilities with controlled physical and network access.
• Vulnerability Management: Regular patching, code review, and penetration testing mitigate exploitable weaknesses.
• Network Monitoring: Intrusion detection and event-logging mechanisms provide early warning of unauthorized activity.

Organizational and Administrative Controls

• Access Authentication: Multi-factor authentication (MFA) and role-based access controls are applied to all administrative systems.
• Least-Privilege Principle: Staff and contractors are granted only the access necessary for their functions.
• Confidentiality Undertakings: Personnel with access to defense or communication systems are bound by written non-disclosure and security-clearance obligations.
• Incident Response: A documented procedure governs the containment, investigation, and reporting of security incidents.
• Business Continuity: Backup and recovery protocols ensure operational resilience.

These controls collectively fulfill the "appropriate technical and organizational measures" requirement under Article 32 GDPR and equivalent Cambodian provisions.

8. Cross-Border Data Transfers

APEX DEFENCE does not transfer any personal information outside the Kingdom of Cambodia unless required by law or authorized by the Ministry of National Defense (MoND) in the context of defense-sector cooperation.

If a transfer ever becomes necessary—for example, to exchange security-cleared information with an international government partner—it will be executed only after receiving written approval from MoND and, where relevant, oversight confirmation from the National Authority for Protection of Personal Data (NAPDP). Such data are transmitted exclusively through encrypted channels that meet MoND's cybersecurity standards.

In practice, before any cross-border exchange occurs, the DPO verifies that the recipient country maintains equivalent privacy safeguards, and the transfer record is logged internally for compliance auditing.

9. Rights of Individuals

In accordance with Articles 12–15 of the Cambodian Data Protection Law, every individual whose personal data are processed by APEX DEFENCE has the right to:

• Access their personal data and obtain confirmation of processing;
• Request correction of inaccurate or incomplete information;
• Request deletion of data that are no longer required for legal or operational reasons; and
• Receive information on how APEX DEFENCE processes and safeguards their data.

Requests must be submitted in writing to the DPO and include sufficient information for identity verification.

For example, if a user who previously contacted APEX DEFENCE requests deletion of their correspondence, the DPO will verify identity, confirm that no legal obligation requires retention, and instruct the IT Security Team to permanently erase the email from secure archives. A formal confirmation of deletion will then be provided to the requester.

10. Oversight and Regulatory Coordination

APEX DEFENCE operates under two complementary oversight mechanisms:

• NAPDP (Civil Oversight): supervises compliance with the Law on the Protection of Personal Data (2021).
• MoND (Defense Oversight): monitors adherence to national-security and classified-information standards.

These dual lines of supervision ensure that civilian privacy obligations and defense-sector requirements remain harmonized.

For instance, if the DPO identifies a privacy-related risk affecting both public-facing website data and internal defense communications, the issue is reported to both authorities—NAPDP for data-protection assessment and MoND for cybersecurity containment.

11. Breach Notification Procedure

APEX DEFENCE maintains an incident-response framework consistent with Article 18 of the Data Protection Law and Sub-Decree No. 70 (2016).

When a personal-data breach is suspected or confirmed, the following sequence occurs:

• Immediate detection and containment by IT Security;
• Assessment of scope and potential impact by the DPO;
• Notification to NAPDP and, where applicable, affected individuals as soon as practicable; and
• Documentation of corrective and preventive actions.

As an example, if a misaddressed email containing inquiry information is detected, the DPO immediately revokes access, notifies the unintended recipient, reports the incident to NAPDP, and logs all remedial steps. A root-cause review is then completed within 30 days to strengthen internal controls.

12. Accountability and Staff Responsibilities

Every employee, officer, and contractor with access to personal or confidential data must uphold confidentiality under Article 17 of the Data Protection Law.

Access privileges are granted strictly on a "least-privilege" basis. All staff handling website inquiries or data records must complete periodic training on secure information handling and data-retention rules.

For example, an IT technician performing maintenance on the web server may view technical logs but cannot open message contents. All actions are logged and subject to quarterly compliance review by the DPO.

13. Training and Awareness

APEX DEFENCE provides regular training to ensure all personnel understand their data-protection obligations. Annual workshops reinforce awareness of cybersecurity, secure communications, and breach-reporting responsibilities.

Training materials include simulated website-inquiry handling exercises that demonstrate how personal data must be processed, stored, and deleted within the required timeframe. Attendance is recorded and maintained as evidence of organizational accountability.

14. Review and Amendment

This Policy is reviewed annually or whenever changes occur in Cambodian law, applicable international frameworks, or APEX DEFENCE's operational systems.

Revisions are approved by senior management and published on the company's official website to ensure transparency. All superseded versions are archived by the DPO for historical reference and compliance verification.

15. Legal Declaration

APEX DEFENCE CO., LTD. operates under the authority of the Royal Government of Cambodia through the Ministry of National Defense.

All website-related data processing is performed in strict conformity with Cambodian law, MoND regulations, and recognized international standards. Any violation of this Policy or mishandling of personal information may result in disciplinary, administrative, or criminal liability under Articles 27–30 of the Law on the Protection of Personal Data (2021).

1. Purpose and Scope

This Cookies Policy ("Policy") sets out the principles governing the use of cookies and similar technologies on the corporate website of APEX DEFENCE CO., LTD. ("APEX DEFENCE", "we", "our", or "us") accessible at https://apex-defence.co (the "Website").

It explains what cookies and similar technologies are, the types used on the Website, the lawful basis for their use, and how users ("you" or "visitors") can manage or disable them. This Policy forms part of APEX DEFENCE's overall Privacy and Data Protection Framework and operates in parallel with the APEX DEFENCE Privacy Policy.

APEX DEFENCE observes the Law on the Protection of Personal Data of the Kingdom of Cambodia (2021), the EU General Data Protection Regulation (Regulation (EU) 2016/679), the EU ePrivacy Directive (Directive 2002/58/EC), and MoND Cybersecurity and Information-Security Directives governing defense-related websites.

When a visitor accesses the APEX DEFENCE website, only the essential browser communication is established. Cookies function like a small, secure "technical passport" enabling the server to recognize that each page request belongs to the same secure session. These identifiers are temporary, encrypted, and non-personal.

2. Definition of Cookies and Similar Technologies

Cookies are small text files that a website places on a user's device to ensure stable functionality and security.

They may be Session Cookies – temporary files erased when the browser is closed; or Persistent Cookies – retained for a set period to maintain technical settings (e.g., language preference or cookie-consent acknowledgement). Similar technologies (web beacons, pixel tags, or local storage) operate in the same way and are treated as cookies under this Policy.

When a visitor selects "Accept" on the cookie banner, a single consent cookie is stored containing a random code—no personal information—so that the banner does not reappear unnecessarily. When the browser is closed or after a set period, the cookie expires and the banner resets.

3. APEX DEFENCE's Data-Protection Approach

APEX DEFENCE maintains an informational-only website, designed solely to disseminate authorized corporate, regulatory, and compliance information to the public. No advertising, analytics, or behavioral tracking occurs. The Website is designed solely to display verified corporate and regulatory information to the public, ensuring transparency without data intrusion.

• We do not collect or process personal data through cookies.
• We do not track, profile, or analyze user behavior.
• We do not deploy analytics, advertising, or third-party tracking technologies.

Any personal information voluntarily shared with APEX DEFENCE (e.g., through direct email contact) is processed exclusively under the terms of our Privacy Policy and applicable law.

Any data collected through cookies or similar mechanisms are strictly technical—intended to protect visitors and ensure that the site functions reliably.

When a visitor opens a page, the web server momentarily records the IP address and user agent string (e.g., "Chrome/Windows 11") to validate that the request is legitimate and to prevent automated intrusions. These logs are stored briefly for system security and are automatically purged within 24 hours.

4. Categories of Cookies Used

Strictly Necessary Cookies are indispensable for maintaining the secure operation of the APEX DEFENCE website. They support encrypted HTTPS connections, user-session continuity while navigating pages, security validation against unauthorized access, and the recording of user consent regarding cookie usage. They neither collect personal information nor track behavior.

For example, if a visitor moves from the homepage to the "About Us" section, a temporary session cookie ensures that the secure connection remains intact and uninterrupted. Once the visitor leaves the website or closes the browser, this cookie self-destructs—leaving no trace of the user's identity or activity.

Currently, APEX DEFENCE does not deploy analytics or performance measurement cookies, marketing or social-media cookies, or any third-party tracking mechanisms. Should future website upgrades introduce such features, APEX DEFENCE will first present a clear cookie banner requesting explicit, informed consent before activation, as required by Article 6(1)(a) GDPR and NAPDP guidelines.

5. Lawful Basis for Use of Cookies

The deployment of strictly necessary cookies is justified by Article 6(1)(f) GDPR, which recognizes a website operator's legitimate interest in maintaining functionality, security, and user accessibility. Under Cambodian law, this also aligns with the principle of legitimate business necessity under Articles 7 and 17 of the Law on the Protection of Personal Data (2021).

When the system generates a session token to prevent unauthorized access attempts, that cookie represents a technical safeguard — not a collection of personal data. Its lawful purpose is security, not analytics or profiling. If APEX DEFENCE ever introduces optional cookies, they will be loaded only after the user provides clear, affirmative consent through a visible interface.

6. Managing or Disabling Cookies

Users may configure their web browsers to block all or specific cookies, delete stored cookies after each session, prompt a warning before a cookie is placed, or use incognito/private browsing modes.

If a visitor disables cookies entirely, the website will still load, but session stability (for example, maintaining encrypted authentication or consent settings) may be reduced. The connection may reset more frequently, requiring re-verification of security tokens.

APEX DEFENCE recommends keeping essential cookies enabled to maintain optimal website reliability and defense-grade encryption consistency.

7. International Compliance and Security Assurance

All cookie-related data are handled exclusively within Cambodia under NAPDP supervision and MoND cybersecurity directives.

APEX DEFENCE adheres to the highest standards of data protection and cybersecurity consistent with its status as a defense-sector entity.

We maintain robust technical and organizational safeguards to ensure the confidentiality, integrity, availability, and resilience of our web systems. These measures are implemented in alignment with:

• Cambodian cybersecurity directives and national defense information-security standards;
• GDPR Article 32 requirements for technical and organizational security measures; and
• International ISO/IEC 27001 information-security management frameworks.

Should cross-border data transfers ever occur (e.g., in connection with third-party hosting or email routing), such transfers shall comply with recognized adequacy mechanisms and contractual safeguards ensuring equivalent levels of protection.

If any cross-border technical services (e.g., secure hosting or content delivery) are used, such providers must comply with ISO/IEC 27001 standards and contractual confidentiality clauses.

Suppose an international security firm provides firewall monitoring; their systems may detect malicious IPs globally but never access or store personal identifiers of website visitors. All monitoring data remain anonymized and under Cambodian jurisdictional control.

8. Transparency and User Awareness

APEX DEFENCE displays a persistent link to this Cookies Policy on its website footer and provides access to the company's Privacy Policy for complete data-protection context.

When a visitor clicks "Privacy & Cookies" on the website, they are directed to this document explaining clearly that no analytics, advertisement, or third-party tools are active. This transparency ensures compliance with Article 12 GDPR and the Cambodian principle of fair processing.

9. Oversight and Contact for Inquiries

For any inquiries regarding this Policy, visitors may contact:

Data Protection Contact
Email: privacy@apex-defence.co
Address: APEX DEFENCE, Phnom Penh, Kingdom of Cambodia

Supervisory Authority (Cambodia):
National Authority for Protection of Personal Data (NAPDP)

For EU Visitors: Individuals within the European Union may also contact their national Data Protection Authority (DPA) for advice or to lodge a complaint.

If a visitor believes a cookie has been improperly stored or wishes to understand what data the system retained, they may email the DPO. The DPO verifies the system logs, confirms that only non-personal session cookies were used, and provides a formal written response confirming compliance.

10. Review and Amendment

This Policy is reviewed annually, or sooner if technological or regulatory changes arise. Updates are published on the APEX DEFENCE website, and material revisions are communicated via a visible banner to returning visitors.

If APEX DEFENCE introduces a new defense-news subscription page in the future requiring analytical performance cookies, the Policy will be revised immediately, and a pop-up consent banner will appear, explaining the nature and purpose of the new cookies before any are activated.

Legal Declaration

APEX DEFENCE operates under the authority of the Royal Government of Cambodia, Ministry of National Defense, and adheres to all applicable domestic and international laws governing data protection, cybersecurity, and defense transparency.

All cookies and similar technologies used by APEX DEFENCE are restricted to lawful, minimal, and proportionate operations necessary for national-security-aligned communication systems. Unauthorized modification, misuse, or tampering with website cookies may constitute a violation of the Law on the Protection of Personal Data (2021) and Sub-Decree No. 70 (2016) on cybersecurity, and may be subject to administrative or criminal sanctions.

1. Acceptance of Terms

By accessing or using the official APEX DEFENCE CO., LTD. ("APEX DEFENCE", "we", "our", or "us") corporate website located at https://apex-defence.co ("Website"), you acknowledge that you have read, understood, and agreed to be bound by these Terms and Conditions ("Terms"). If you do not agree with these Terms, you are not authorized to use the Website and must immediately discontinue access. When a visitor opens the APEX DEFENCE website, a secure HTTPS session is initiated. This connection, which employs TLS encryption, establishes the framework for lawful and traceable access under the Ministry of National Defense (MoND) cybersecurity directives. Continued navigation on the Website signifies informed acceptance of these Terms, which operate as a public legal notice under Cambodian law.

2. Purpose of the Website

The APEX DEFENCE Website serves as an informational resource to communicate verified, non-classified details about the company's corporate identity, authorized activities, and defense-related capabilities. It does not engage in e-commerce, solicit sales, or facilitate the transmission of restricted military or technical information. For instance, when a visitor reads the "Capabilities" or "Corporate Governance" sections, they are reviewing publicly cleared materials approved for online publication by MoND. The Website does not collect personal data for commercial marketing, nor does it host classified downloads. Any defense documentation or technical specifications remain subject to controlled dissemination and cannot be transmitted electronically without prior MoND authorization.

3. Lawful and Responsible Use

Users must use the Website solely for lawful and legitimate purposes. Activities such as unauthorized access, data extraction, reverse engineering, uploading harmful code, or disrupting functionality are strictly prohibited. APEX DEFENCE reserves the right to restrict access, disable connections, or report malicious behavior to competent authorities. For example, if an automated bot repeatedly attempts to scan the Website's directory structure or extract PDF files, the system's intrusion-detection firewall automatically logs the incident and triggers a security alert. Such activity is then escalated to the IT Security Officer and may be reported to the MoND Cybersecurity Division in accordance with Sub-Decree No. 70 (2016).

4. Intellectual Property Rights

All materials, including text, designs, graphics, insignia, and logos appearing on the Website, are owned or licensed by APEX DEFENCE and protected under Cambodian copyright law and international defense-sector intellectual-property standards. Reproduction, redistribution, or modification of any Website material, in whole or in part, is prohibited without prior written consent from APEX DEFENCE. For example, visitors may view or download informational brochures for personal or educational use, but cannot reproduce official APEX DEFENCE logos or the Royal Government of Cambodia emblem for any promotional purpose. Unauthorized digital copying or use of such marks would constitute an infringement subject to legal enforcement.

5. Accuracy of Information

APEX DEFENCE endeavors to ensure the information published on the Website is current, accurate, and verified through internal and governmental review processes. However, the company does not warrant the completeness, reliability, or continuous availability of the information. Occasionally, updates to defense regulations, MoND project approvals, or corporate restructuring may require content revision. In such cases, an update notice is added to the relevant section, indicating the date of last review. Users are encouraged to verify important information directly with authorized APEX DEFENCE representatives before relying on it for professional or legal reference.

6. External Links

The Website may include links to other government institutions, defense organizations, regulatory authorities or private industries for reference purposes. These links are provided to improve transparency but do not imply endorsement or control by APEX DEFENCE. APEX DEFENCE disclaims responsibility for the privacy practices, security, or accuracy of third-party content. When a visitor clicks a link to the Ministry of National Defense or the National Authority for Protection of Personal Data (NAPDP), they leave the APEX DEFENCE domain. Once outside our security perimeter, different privacy policies and encryption standards may apply. Visitors are encouraged to review the policies of those external sites before providing any information.

7. Limitation of Liability

To the fullest extent permitted by law, APEX DEFENCE shall not be liable for any direct, indirect, or consequential damages arising out of access to, or use of, the Website. This includes service interruptions, data loss, malware incidents, or reliance on outdated content. If a network outage or cyber incident temporarily interrupts Website access, APEX DEFENCE's liability is limited to restoring the Website's functionality as quickly as practicable under its ISO/IEC 27001-aligned incident-response framework. The company is not responsible for consequential losses such as business interruption or third-party costs.

8. Data Protection and Cookies

Use of the Website is governed by the APEX DEFENCE Privacy Policy and Cookies Policy, which outline how technical information and session identifiers are used to secure and optimize the browsing experience. No personal data are collected beyond what is necessary for legitimate operational and cybersecurity purposes. For example, when a visitor browses multiple pages, a temporary session cookie ensures that the connection remains encrypted. This cookie contains no identifiable data and expires once the browser is closed. Server logs are reviewed solely for detecting anomalies, not for profiling visitors.

9. Security Measures and Monitoring

APEX DEFENCE employs layered defense mechanisms, including encryption, firewalls, intrusion detection, and access control protocols to protect the Website and its users. Monitoring activities are performed solely for cybersecurity assurance and compliance with MoND directives. Security personnel routinely conduct vulnerability scans under controlled schedules to identify potential weaknesses. These tests are logged, and results are submitted to the DPO and MoND Information Security Department for review. Such actions are preventative and do not involve monitoring user behavior.

10. Export Control and Defense Information Compliance

No export-controlled materials, classified data, or restricted defense information are published on or transmitted through the Website. All online communications are screened to ensure compliance with Cambodian defense laws and international arms-control frameworks. If an inquiry form or email requests access to restricted technical documentation, the request is routed to the DPO and flagged for MoND review. No digital files or specifications are released online unless officially declassified and cleared for public dissemination.

11. Governing Law and Jurisdiction

These Terms are governed by and construed in accordance with the laws of the Kingdom of Cambodia. Any dispute arising out of or relating to these Terms or the Website shall be subject to the exclusive jurisdiction of the competent courts in Phnom Penh. If a visitor disputes the Website's content accuracy or claims unauthorized data usage, the matter will be adjudicated under Cambodian civil law. The competent jurisdiction will apply the national data-protection and cybersecurity framework to assess compliance.

12. Amendments to the Terms

APEX DEFENCE reserves the right to update or modify these Terms at any time to reflect legal, regulatory, or technological changes. Updated versions will be published with the effective revision date displayed prominently. For example, if the NAPDP issues a new directive on online data transparency, APEX DEFENCE will promptly revise this document, update its footer link, and display a notice banner reading "Revised Terms – Effective [Date]."

13. Contact Information

For all questions regarding these Terms, please contact: APEX DEFENCE CO., LTD., Phnom Penh, Kingdom of Cambodia. Email: privacy@apex-defence.co. Supervisory Authority: National Authority for Protection of Personal Data (NAPDP). When a user emails a question about Website terms, the DPO responds via secure email and retains a record for regulatory accountability. The inquiry is logged but not shared externally unless required by law.

14. Legal Declaration

APEX DEFENCE operates under the authority of the Royal Government of Cambodia through the Ministry of National Defense. All activities relating to this Website are governed by applicable national and international laws, including defense-sector transparency obligations, cybersecurity regulations, and data-protection statutes. This means that APEX DEFENCE's Website, servers, and communications infrastructure are overseen under both civilian (NAPDP) and defense (MoND) supervision. The company's digital presence must comply simultaneously with privacy, cybersecurity, and defense-classification standards. Unauthorized use, alteration, or dissemination of Website content may result in administrative, civil, or criminal penalties as defined by Cambodian law.