Privacy Policy
This Privacy Policy explains how Lao Smart Mobility Co., Ltd. (referred to as the “Company,” “we,” “us,” or “our”) collects, uses, discloses, and processes your Personal Data when you use our application (including KOKKOK), websites, and related services (collectively referred to as the “App” or “Services”).
Please read this Privacy Policy carefully before accessing or using our Services. By using the Services, you acknowledge and agree to the collection, use, disclosure, and processing of your Personal Data as described in this Privacy Policy.
I. COLLECTION OF PERSONAL DATA
- Service Provision and Fee Settlement: Content provision, identity verification, purchase and payment processing.
- Customer Management: Customer service use, personal identification, dispute resolution, notifications, and prevention of underage registration (under 14).
- Marketing and Service Development: New service development, personalized service, user analytics.
1. Collection of Personal Data
The Company collects the minimum amount of personal data necessary for the provision of its services. Sensitive information is not collected unless required by law or explicitly consented to by the user. Customers may refuse to provide personal data; however, refusal of essential data may limit access to certain services.

| Registration Type | Collection of data | Collection and Operation Purpose |
| --- | --- | --- |
| Personal Customer Registration | Essential: Name, Password, UUID (Universally Unique Identifier), Contact Number (Mobile number), Email, Date of Birth | |
| Personal Customer Registration | Optional: Gender | Marketing, service personalization |
| Mobile App Use & Events | Essential: APP ID, Push ID, Device Token | Delivery of push notifications. Participation in certain events may require consent to receive push notifications. |
| Device Permissions | Optional: Camera Access | Used for Offline QR Payment and Lao Label (Barcode scanning). Images are not stored on our servers. |

2. Types of Personal Data Collected
- Automatically Collected Data and Generated Data
  - Device and Usage Information:
    - Browser type, operating system, device model name
    - Search items, service usage records, and error logs
  - Access and Activity Data:
    - IP address, visit date and time, usage history, misuse or violation history, and cookies
  - Transaction and Support Data:
    - Payment records, order details, and transaction history
    - Inquiry and complaint records submitted via customer support
In certain cases, the Company may collect data related to a Customer’s interests or participation in events, including:
- Event-Related or Interest-Based Collection:
  - Search history, participation in events, and data required for physical fulfillment
3. Methods of Collection
The Company collects personal data through the following lawful and fair means:
- Online Channels: Through the website, mobile application, 1:1 inquiries, emails, and event participation (with prior consent for the use of name and contact information)
- Customer Support: Through the customer service center via email, fax, telephone, live chat, and remote consultation tools
- Third-Party Sources: From affiliated partners and financial institutions (e.g., via IB API integrations for identity verification during top-up or payment services)
- Automated Tools: Using cookies and log analysis tools that collect data during service usage
- Offline Methods: Through in-person interactions with seller or branch staff during service registration or application
II. USE OF PERSONAL DATA
The Company may use your Personal Data for the purposes outlined below (the “Purposes”). If you use multiple KOKKOK services (for example, as both a Customer and a Seller or Branch), the Company may link your Personal Data across these roles to ensure seamless service delivery and effective support for the Purposes.
1. Provision of Services and Features
- The Company uses your Personal Data to provide, personalize, maintain, and improve the App, including to:
  - Enable service provision across all business verticals.
  - Register, identify, manage, and deactivate user accounts.
  - Process and verify eligibility for services, promotions, and rewards.
  - Conduct due diligence and risk assessments.
  - Verify user identity and age, where necessary.
  - Process payments and transactions.
  - Personalize the user experience (e.g., service recommendations, preference recognition).
  - Perform internal operations such as error detection, data analysis, testing, and performance monitoring.
  - Safeguard the integrity and security of the App, services, and related systems.
2. Safety and Security
- The Company uses Personal Data to ensure the safety and integrity of all users, including Customers, Sellers, and Branches. This includes:
  - Screening and verifying the identity of Sellers and Branches before enabling them to offer services.
  - Verifying user identity (including Customers) during login or critical transactions.
  - Detecting, preventing, and responding to fraud, misuse, or any unsafe or suspicious activity by analyzing device data, location, profile information, and usage behavior.
  - Sharing relevant service provider or delivery personnel details (such as name and location) with Customers for transparency and safety when a service is accepted or underway.
  - Monitoring compliance with the Terms and Conditions, operational policies, and applicable legal requirements.
  - Implementing safeguards to protect all users from abuse, harassment, or exploitation on the platform.
3. User Support
- The Company uses Personal Data to manage customer service and resolve support issues. This includes:
  - Investigating and resolving complaints or disputes.
  - Monitoring and improving support service quality.
  - Responding to inquiries, feedback, and comments.
  - Informing users about the status or outcome of their support requests.
4. Research, Development, and Security
- The Company may process Personal Data for purposes such as:
  - Conducting tests, analysis, and research.
  - Understanding user needs and preferences.
  - Enhancing the security and functionality of the App.
  - Developing new products, features, or service offerings.
  - Facilitating development of financial or insurance-related solutions.
5. Legal and Compliance Purposes
- The Company may use your Personal Data to comply with legal obligations or defend its rights, including to:
  - Investigate or resolve claims or disputes.
  - Prevent, detect, and prosecute criminal or unlawful conduct.
  - Comply with applicable laws, court orders, or requests from regulatory authorities.
  - Enforce the Terms and Conditions or other contractual obligations.
  - Protect Company assets, personnel, and interests.
6. Marketing and Promotions
- The Company may use Personal Data to send marketing or promotional communications about services that may be relevant to you or offered by third-party partners, including to:
  - Calculate Membership Levels based on actual payment amounts.
  - Send promotional materials, offers, updates, newsletters, and marketing communications related to the Service or partner benefits.
- Marketing communications may be delivered through various channels, including SMS, email, push notifications, social media, phone calls, or other communication channels operated by the Company.
- Customers may opt out of receiving marketing communications at any time by using the unsubscribe option in messages or adjusting notification settings in the App. However, service-related notifications (e.g., transaction alerts, membership updates, or reward notifications) may still be delivered as necessary for the operation of the Service.
III. DISCLOSURE OF PERSONAL DATA
We may need to share Personal Data with third parties in order to operate effectively, fulfill our legal obligations, and deliver our services. The Company ensures that all disclosures are made in accordance with applicable laws and with due regard to the protection of users' privacy. Such third parties may include trusted business partners and service providers who assist us in operating the Service, including Indochina Bank (for payment gateways and Wallet/Account linkage), cloud hosting providers, and legal advisors.
1. Disclosure to Third Parties
- The Company will not disclose users’ Personal Data to external parties without prior consent, except in the following cases:
  - When the user has given explicit consent;
  - When it is necessary to perform a contract or provide services requested by the user, and obtaining prior consent is impractical due to economic or technical constraints;
  - When required by law, or in response to lawful requests by government or investigative authorities;
  - When personal information is provided to third-party service providers essential to operating the app, with separate user consent acquired for such provision.
2. Disclosure to Business Partners and Service Providers
- We may disclose Personal Data to trusted business partners and service providers who assist us in delivering our services, including:
  - Payment gateways and financial institutions;
  - Credit bureaus and scoring agencies;
  - Debt collection agencies;
  - Cloud hosting and data storage providers;
  - Background screening and anti-fraud solution providers;
  - Analytics and advertising partners;
  - Customer support and training institutions;
  - Marketing and event partners;
  - Insurance and financing companies.
3. Disclosure to Legal Advisors and Government Authorities
- We may disclose Personal Data to legal advisors, enforcement agencies, or regulatory authorities when necessary for:
  - Compliance with legal obligations, court orders, or investigations;
  - Protection of the rights, property, or safety of the Company, its users, or the public;
  - Response to emergencies involving health or safety risks;
  - Fulfillment of obligations in the public interest, such as public health measures or contact tracing.
4. Business Transfers
- In the event of a business transaction such as a merger, acquisition, asset sale, financing, or corporate restructuring, your Personal Data may be transferred to another entity. Any such transfer will be subject to the commitments made in this Privacy Policy, unless otherwise agreed.
5. User-Initiated Sharing
- Users may choose to share certain Personal Data through specific functions within the App (such as referrals, delivery instructions, or gifting services). In such cases, the Company facilitates this sharing at the user's discretion and is not responsible for third-party usage outside the agreed scope.
IV. RETENTION OF PERSONAL DATA
We retain your Personal Data for as long as it is necessary to fulfill the purposes outlined in this Privacy Policy. Once your Personal Data is no longer needed for these purposes, we will take reasonable steps to delete, anonymize, or restrict access to your data, unless a longer retention period is required or permitted by law.
1. Retention Period
- Your Personal Data may be retained for the following reasons:
  - To provide services and fulfill transactions.
  - To comply with legal, tax, accounting, or regulatory obligations.
  - To resolve disputes, enforce our agreements, or protect our rights.
  - For fraud prevention, security monitoring, or business continuity purposes.
- The specific retention period may vary depending on the type of Personal Data, your relationship with us (e.g. customer, seller, branch, or business partner), and applicable legal requirements.
2. Secure Disposal and Soft Deletion
- When a Customer requests account termination, the account may undergo a "Soft Delete" process. To prevent abuse and fraudulent promotional gains, the Customer's mobile number hash may be retained for seven (7) days, during which re-registration is prohibited. After this period, the data will be permanently deleted or anonymized unless legal retention is required.
V. INTERNATIONAL TRANSFERS OF PERSONAL DATA
Your Personal Data may be transferred to, stored in, or processed in countries other than your country of residence or location (“Home Country”), including jurisdictions where our Branches, service providers, or business partners operate. This may also involve interactions with Sellers who are independent from the Company but participate in cross-border transactions on the platform.
This applies particularly to cross-border transactions, international deliveries, and services involving overseas users, Sellers, Branches, or payment processors.
1. Purpose of International Transfers
- We may transfer Personal Data across borders to support the following:
  - Processing orders involving international import/export or delivery fulfillment.
  - Payment processing or verification through international partners.
  - Operation of centralized infrastructure, including cloud servers or customer service centers located abroad.
  - Providing services to users accessing the KOKKOK platform from outside the Home Country.
2. International Users
- If you access or use our services from outside of Laos (or your primary registration country), please note that your Personal Data may be transferred to and processed in Laos or other jurisdictions where we or our partners are based.
- By using our services, you acknowledge and agree to such international transfers, which are necessary for contract performance or service delivery.
3. Safeguards and Legal Basis
- We implement appropriate legal and technical safeguards to protect your Personal Data during such transfers, including:
  - Ensuring that the recipient country has laws affording comparable data protection.
  - Requesting your express consent where required by applicable law.
- Transfers are carried out on one of the following legal bases:
  - Your explicit consent, where required.
  - The necessity of the transfer for the performance of a contract with you.
  - Legal obligations or legitimate business interests that comply with privacy regulations.
4. Data Minimization
- We transfer only the minimum amount of data necessary for the stated purpose.
- Sensitive or special categories of data are not transferred internationally without adequate protection and specific legal basis.
5. Your Rights
- You may have rights under applicable laws to request more information about the international transfer of your Personal Data or to object to such transfers under certain circumstances.
- If you have questions, please contact us using the details provided in Article IX.
VII. PROTECTION OF PERSONAL DATA
1. Security Measures
- The Company implements appropriate legal, organizational, and technical measures to protect your Personal Data against unauthorized access, collection, use, disclosure, copying, modification, disposal, or other similar risks.
- These measures include, but are not limited to:
  - Data encryption and secure data storage protocols
  - Firewalls, anti-malware software, and intrusion detection systems
  - Secure authentication and access controls
  - Routine system monitoring, vulnerability assessments, and audits
2. Access Control
- Access to your Personal Data is strictly limited to authorized personnel of the Company and only on a need-to-know basis.
- All employees and authorized personnel who process Personal Data are bound by confidentiality obligations and are subject to internal disciplinary procedures or legal actions in the event of any violation.
3. Employee Training and Awareness
- The Company provides regular training and awareness programs to employees and contractors regarding Personal Data protection, security best practices, and compliance responsibilities.
4. Incident Response
- The Company maintains a formal incident response plan to detect, manage, and respond to Personal Data breaches.
- In the event of a breach, the Company will notify affected users and relevant regulatory authorities in accordance with applicable laws and regulations.
5. Limitations
- Despite the Company’s efforts, please be aware that no method of transmission over the internet or method of electronic storage is completely secure.
- While the Company will make reasonable efforts to protect your Personal Data, any transmission is at your own risk.
VIII. YOUR RIGHTS WITH RESPECT TO YOUR PERSONAL DATA
1. Overview of Data Subject Rights
In accordance with applicable data protection laws and regulations, you may exercise the following rights with respect to your Personal Data, subject to legal limitations and verification procedures:
- Access: Request information regarding the processing of your Personal Data and obtain a copy of such data.
- Correction and Deletion: Request the correction of inaccurate Personal Data or the deletion of Personal Data where permitted.
- Restriction and Objection: Request the restriction of processing or object to the processing of your Personal Data in certain circumstances.
- Consent Withdrawal: Withdraw your consent to the processing of your Personal Data where such processing is based on consent.
- Data Portability: Request to receive or have your Personal Data transmitted to another organization in a structured, commonly used, and machine-readable format, where processing is based on consent or contract.
- Lodge a Complaint: File a complaint with a relevant data protection authority if you believe your data rights have been infringed or your Personal Data has been unlawfully processed.
2. Implications of Withholding or Withdrawing Consent
- Where you are given the choice to provide your Personal Data, you may choose not to do so.
- If you withdraw your consent or object to the processing of your Personal Data, we will respect your decision in accordance with applicable laws.
- However, such withdrawal or refusal may affect your ability to access or use certain services, functionalities, or features of the KOKKOK app, particularly where the processing is essential to service delivery, as outlined in Article II (Use of Personal Data).
- In particular, if you withdraw your consent to receive push notifications or marketing communications, you may be restricted from participating in certain promotional events or in-app programs offered through the Service.
3. Verification and Processing of Requests
- All data subject requests will be screened and verified. To confirm your identity or authority to make the request, we may require supporting documentation or information.
- Upon successful verification, we will respond to and process your request within the timeframe prescribed by applicable laws and regulations.
4. Legal Basis for Continued Processing
Even if you withdraw your consent, the Company may continue to process your Personal Data if required or otherwise permitted by applicable laws, such as for legal obligations, fraud prevention, or the establishment, exercise, or defense of legal claims.
IX. AMENDMENTS AND UPDATES
1. Changes to the Privacy Policy
- The Company may amend, update, or revise the terms of this Privacy Policy at any time to reflect changes in legal requirements, business operations, or service offerings.
2. Notification and Effectiveness
- Any such amendments will be communicated to you through the KOKKOK app and/or other appropriate channels at least seven (7) business days prior to the effective date of the changes.
- The updated version of the Privacy Policy will be posted on our official website at https://laosmartmobility.com.
- It is your responsibility to periodically review the Privacy Policy to stay informed about any updates or changes.
3. Continued Use as Agreement
Your continued use of the KOKKOK app, or continued communication or engagement with the Company following the effective date of any amendments, constitutes your acceptance of and agreement to be bound by the revised Privacy Policy, regardless of whether you have reviewed it.
X. HOW TO CONTACT US
1. Contact Information
If you have any questions, concerns, or requests related to this Privacy Policy, or if you wish to exercise any of your rights regarding your Personal Data, please contact our Data Protection Officer using the details below:
- Company Name: Lao Smart Mobility Co., Ltd. (Attention: Lao Smart Mobility Privacy Office)
- Address: ASEAN Road (T2), Nongdouang Village, Sikhottabong District, Vientiane Capital, Lao PDR
- E-mail: contact@laosmartmobility.com
2. Language Version
This Privacy Policy is originally written in English. In the event of any discrepancy or conflict between the English version and any translated version, the English version shall prevail.
3. Effective Date
This Privacy Policy was last updated on April 1, 2026.