PRIVACY POLICY
Last updated April 18, 2025



This Privacy Notice for NCHADS ( "we," "us," or "our" ), describes how and why we might access, collect, store, use, and/or share ( "process" ) your personal information when you use our services ( "Services" ), including when you download and use our mobile application ( VCCT) , or any other application of ours that links to this Privacy Notice.
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at mpi@nchads.gov.kh.


SUMMARY OF KEY POINTS

The Voluntary Confidential Counselling and Testing App (VCCT App) is a data collection tool designed for offline and online registration of hiv testing and synchronizing data with the NCHADS Mpi Database. It also contains features for monitoring and resolution of objections and feedback. Please note that the app is only fully functioning for users officially designated by NCHADS, MOH. The 'Voluntary Confidential Counselling and Testing' or ‘VCCT’ App is implemented by NATIONAL CENTER FOR HIV/AIDS, DERMATOLOGY AND STD, MINISTRY OF HEALTH (MoH). table of contents below to find the section you are looking for.

What personal information do we process? When you visit, use, or navigate our Services, we may process device's location and personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.

Do we process any sensitive personal information? Some of the information may be considered "special" or "sensitive" in certain jurisdictions, for example your racial or ethnic origins, sexual orientation, and religious beliefs. We may process sensitive personal information when necessary with your consent or as otherwise permitted by applicable law.

Do we collect any information from third parties? We do not collect any information from third parties.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information.

TABLE OF CONTENTS

1. Data Use and Disclosure Agreement
2. WHAT INFORMATION DO WE COLLECT FROM YOU?
3. HOW DO WE PROCESS YOUR INFORMATION?
4. HOW LONG DO WE KEEP YOUR INFORMATION?


1. Data Use and Disclosure Agreement

 In Short: Application users are the officer designated by NCHADS, MOH. You are set forth the privacy and security requirements that any data user is obligated to follow with respect to all identifiable patient information and protected health information (definitions to follow; herein collectively referred to as “Protected Data”). The agreement covers Protected Data in any format (paper, electronic, oral). Permission to receive and use Protected Data requires execution of this Agreement that describes the terms, conditions, and limitations of the Data Recipient’s use of Protected Data.

Definitions

Identifiable Patient Information: Patient information that: 1) reveals or can likely be associated with a client’s identity, including for example explicit patient identifiers such as name, home address, telephone number, citizenship, National/regional identification numbers, date of birth, spouse/partner/relative names, other unique identification number(s), medical record number; or 2) could be used by the Data Recipient in combination with other reasonably available information to identify a patient.

Protected Health Information (PHI):

Information about health status or provision of health care that can be linked to an individual. This includes medical/psychiatric records, photos/videotapes, medical reports, X-rays/scans, laboratory samples, bills for service or insurance information, and verbal information provided about the patient. This also includes identifiable patient information and may include variables that are not explicit identifiers.

Breach:

The acquisition, access, use, or disclosure of Protected Data, in any format (paper, electronic, oral), that compromises the privacy, security, or integrity of the information. This includes any action that poses significant risk of financial, reputational, or other harm to an individual or individuals. Disclosure: The release, transfer, provision of, access to, or divulging in any other manner of protected data. This includes the release, transfer, dissemination, or communication of all or any part of any confidential research record orally, in writing, or by electronic means to any person or entity, or providing the means for obtaining the records.

Security Incident:

1) An attempted breach; or
2) The attempted or successful modification or destruction of Protected Data, in violation of this agreement; or
3) The attempted or successful modification or destruction of, or interference with, Data Recipient’s system operations in an information technology system, that negatively impacts the confidentiality, availability or integrity of Protected Data, or hinders or makes impossible Data Recipient’s receipt, collection, creation, storage, transmission, or use of Protected Data by Data Recipient pursuant to this Agreement.

Disclosure Restrictions

The users must protect any Protected Data from unauthorized disclosure, shall not disclose, except as otherwise specifically permitted in writing by NCHADS Program Director.

Disclosure Restrictions Exceptions

Aggregate information (containing no Identifiable Patient Information) shall be released pursuant to any requests for data by any associated government agencies or partners in pursuit of health informatics activities (technical assistance, information systems development, exploratory analysis, etc.).


2. WHAT INFORMATION DO WE COLLECT FROM YOU?

Personal information you disclose to us

 In Short: We collect personal information of only users officially designated by NCHADS, MOH.
Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:
  • usernames
  • passwords
Application Data. If you use our application(s), we also may collect the following information if you choose to provide us with access or permission:
  • Geolocation Information. We may request access or permission to track location-based information from your mobile device, either continuously or while you are using our mobile application(s), to provide certain location-based services. If you wish to change our access or permissions, you may do so in your device's settings.
  • Mobile Device Access. We may request access or permission to certain features from your mobile device, including your mobile device's storage, and other features. If you wish to change our access or permissions, you may do so in your device's settings.
  • Mobile Device Data. We automatically collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information and system configuration information, device and application identification numbers, browser type and version, hardware model Internet service provider and/or mobile carrier, and Internet Protocol (IP) address (or proxy server). If you are using our application(s), we may also collect information about the phone network associated with your mobile device, your mobile device’s operating system or platform, the type of mobile device you use, your mobile device’s unique device ID, and information about the features of our application(s) you accessed.
  • Push Notifications. We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt out from receiving these types of communications, you may turn them off in your device's settings.
This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Google API

Our use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

3. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We only use information of our officers/users designated by NCHADS, MOH. We process your information to provide, improve, and administer our Services.


4. HOW LONG DO WE KEEP YOUR INFORMATION?

 In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.