Effective date: December 15, 2022
If the Personal Data provided by the User has changed or the information processed by the Company about the User is inaccurate or incorrect, the User has the right to request to change, clarify or correct this information. The Company shall not be liable for inaccurate or incomplete data submitted by the User.
Personal Data means data about a living individual (natural person) who can be identified or identifiable from those data (or from those and other information either in our possession or likely to come into our possession). Definition shall have the same meanins as in Chapter 1 verse 1 subsection 1 of PDPL.
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process Personal Data. Definition shall have the same meaning as in Chapter 1 verse 1 subsection 5 of PDPL.
Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (information that your browser sends whenever you visit our webpage or when you access the Service by or through a mobile device, for example, your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the duration of a page visit, unique device identifiers and other diagnostic data, the duration of a page visitthe type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data).
Cookies are small pieces of data stored on a User’s device.
Regulation (ID) 2022 of the Indonesian Law No. 27 of 2022 issue on 17 October 2022 regarding of Personal Data Protection (Personal Data Protection Law).
Data Processor (or Service Provider or Sub-contractor) means any person (other than an employee of the Data Controller) who processes the Personal Data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your Personal Data more effectively. Definition shall have the same meaning as in Chapter 1 verse 1 subsection 5 of PDPL.
Data Subject is any living individual (natural person) who is the subject of Personal Data.
The User is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.
We collect several different types of information for various purposes to provide and improve our Service to you, perform a contract and to fulfil legal obligations to which we are the subject.
While using our Service, we may ask you to provide us with certain types of Personal Data that personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information may include, but is not limited to:
There are different purposes for processing Personal Data and each processing activity must rely on one of the legal basis. The Company processes your Personal Data relying on the following legal basis:
In the below table you will find some examples for which purposes and on what legal basis your Personal Data is being processed by us.
|Purpose of processing||Personal Data categories||Legal basis of processing|
|Pre-contractual relations (offer requests and responses thereto)||Identification data, Contact data, Incoming and outgoing email correspondence||Performance of Services and contract|
|Payments (calculating and managing fees for the Services used by User, invoice preparation, issuing and collecting payments)||Identification data, Contact data, Transaction ID (not Credit Card number)||Performance of Services and contract|
|Provision and maintenance of our Service; maintenance and development of customer relationship, (signing contracts, passing information on contract fulfilment, notifying you about changes to our Service, providing customer support)||Identification data, Contact data, Incoming and outgoing email correspondence||Performance of Services and contract|
|Managing circumstances and events influencing offering services to Users (informing, resolving complaints)||Identification data, Contact data||Performance of Services and contract|
|Client identification||Identification data||Performance of Services and contract|
|To operate our Service||Session Cookies||Performance of Services and contract|
|Client identification||Identification data||Legal obligation|
|Accounting (incl. preservation of accounting base documents)||Identification data, Contact data||Legal obligation|
|Informing the Minister of Communication and Information ('Kominfo') of Republic of Indonesia and the Data Subject about Personal Data violations||Identification data, Contact data||Legal obligation|
|Responding to public authorities' and state institutions' information requests||Identification data, Contact data||Legal obligation|
|Service development (inc. to gather analysis or valuable information so that we can improve our Service)||Identification data, Contact data, Usage Data||Legitimate interest|
|Intra-group data exchange||Identification data, Contact data||Legitimate interest|
|Maintaining and developing client relationship (responding to queries, general client service, info exchange)||Identification data, Contact data, Usage Data||Legitimate interest|
|General service statistics||Anonymized data||Legitimate interest|
|Providing evidence against claims of service non-compliance and/or the failure to fulfil contractual obligations, as well as providing evidence against a possible claim which may arise from any offence which may be committed; Customer service control and improvement||Incoming and outgoing email correspondence, Usage Data||Legitimate interest|
|For security purposes to detect, prevent and address technical issues and to monitor the usage of our Service||Security Cookies, Usage Data||Legitimate interest|
|To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information||Contact data||Legitimate interest|
|Direct marketing (e-mails, SMS)||Identification data, Contact data||Consent|
|To remember your preferences and various settings||Preference Cookies||Consent|
We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device ("Usage Data").
This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When you access the Service by or through a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service. You can instruct your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if you do not accept Cookies, you may not be able to use some portions of our Service.
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
Personal data is processed in the Indonesian Republik (ID). However, if Personal Data is transferred outside the ID, the Company undertakes to take all necessary security measures to ensure the same level of security of Personal Data as in the ID, and appropriate guarantees in accordance with the provisions of Chapter 7 part 2 verse 56 of PDPL.
When the Company receives and transfers your Personal Data to Data Processors who process Personal Data on behalf of the Company, the Company shall take all necessary measures to ensure that the Personal Data is processed by the Data Processors in accordance with the agreement or regulatory enactments and documented Company instructions.
When the Company receives and transfers your Personal Data to the Third parties (independent Data Controllers), the Third parties, as independent Data Controllers, process the Personal Data in accordance with their privacy policies, which are available on the website of the respective service provider.
The Company is also obliged to transfer Personal Data to state or local government institutions in cases specified in regulatory enactments (for example, Financial and Capital Market Commission, Consumer Rights Protection Centre, State Revenue Service, Financial Intelligence Unit of Latvia, State Security Service, State Police and other law enforcement agencies and financial investigation institutions), courts, out-of-court dispute resolution institutions, insolvency process administrators, sworn bailiffs, etc.).
Under certain circumstances, The Company may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
The Company may disclose your Personal Data in the good faith belief that such action is necessary to:
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
However, the Company has established necessary legal, organizational, physical and technical security measures to protect your Personal Data. Some examples of the measures we use:
The Company aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. Whenever made possible, you can update your Personal Data directly within your account settings section. If you are unable to change your Personal Data, please contact us to make the required changes.
If you wish to be informed what Personal Data we hold about you and receive a copy of the Personal Data we hold about you, please contact us.
You have the right to data portability for the information you provide to The Company. You can request to obtain a copy of your Personal Data in a commonly used electronic format so that you can manage and move it. Please note that we may ask you to verify your identity before responding to such requests.
We will not sell, share, or rent your personal information to any third party or use your e-mail address for unsolicited mail. Any emails sent by The Company will only be in connection with the provision of agreed services and products. The exceptions are: providing information to CA, Bank, Payment gateways, ShopperApproved.com service and Government entities.
You have rights to request updating any personal information about you if it is inaccurate or incomplete. Please note, we are not able to modify any invoices for previous months, as all information already sent to local TAX/VAT office with original information provided.
The right to erasure does not provide an absolute ‘right to be forgotten’. Individuals have a right to have Personal Data erased and to prevent processing in specific circumstances: (i)where the Personal Data is no longer necessary in relation to the purpose for which it was originally collected/processed; (ii) the Personal Data is processed in relation to the offer of information society services to a child; (iii) when you withdraws consent; (iv) the Personal Data was unlawfully processed (ie otherwise in breach of the PDPL); (v) when the individual objects to the processing and there is no overriding legitimate interest or other legal basis for continuing the processing; (vi) the Personal Data has to be erased in order to comply with a legal obligation.
We are not able to delete/remove issued and paid invoices, as we need to provide that information to local TAX/VAT office, however, rest information will be removed on your request.
You have rights under certain circumstances to request to ‘block’ or suppress processing of Personal Data for a certain period (e.g. if you have objected to Personal Data processing). When processing is restricted, we are permitted to store the Personal Data, but not further process it.
You have the right to object to such data processing which is based on the Company’s legitimate interest incl. profiling based on our legitimate interest. We shall stop processing your Personal Data when you present an objection, unless we can demonstrate compelling legitimate grounds for the processing or processing is needed for the establishment, exercise or defence of legal claims. You also have the right to object at any time to processing of your Personal Data concerning for direct marketing. Upon receiving such objection we shall stop processing your Personal Data for direct marketing.
If you want to exercise any of the abovementioned rights, please contact us using the e-mail address firstname.lastname@example.org. In order to respond to your inquiry, we must first authenticate you to avoid granting information to unauthorized persons. We will respond to your inquiries within 30 days.
If you believe that processing of your Personal Data violates the PDPL requirements, you have the right to turn to the Minister of Communication and Information ('Kominfo') of Republik of Indonesia and the courts to protect your rights and interests.
In case processing the Personal Data is based on your consent or on a contract between us and Personal Data is processed automatically, you have the right to access Personal Data concerning you which you have given to us in a structured, generally usable and in machine readable form. You have rights to move, copy or transfer Personal Data easily from one IT environment to another in a safe and secure way. We will provide all Personal Data in a structured way using open formats like CSV.
We may employ third party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
We use third-party Service Providers to process/issue SSL certificates, PCI compliance tools, Domains and other services. To ensure performance of Services and contract we are permitted to pass your personal information and order details to our third-party Service providers.
We may use third-party Service Providers to monitor and analyze the use of our Service.
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page
Google Ads remarketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page.
Google also recommends installing the Google Analytics Opt-out Browser Add-on for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.
Our Service does not address anyone under the age of 13 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.