Privacy Policy

1. Legal Basis

We manage Users’ Personal Data in accordance with the applicable laws of Indonesia, including but not limited to:

• Law No. 27 of 2022 on Personal Data Protection (“PDP Law”);
• Law No. 11 of 2008 on Electronic Information and Transactions, as last amended by Law No. 1 of 2024 on the Second Amendment to Law No. 11 of 2008 (“ITE Law”);
• Government Regulation No. 71 of 2019 on the Operation of Electronic Systems and Transactions;
• Minister of Communication and Informatics Regulation No. 20 of 2016 on Personal Data Protection in Electronic Systems; and/or
• Other relevant laws and regulations on personal data protection in Indonesia, whether currently in effect or to be enacted in the future, governing the processing, storage, management, disclosure, and protection of personal data in both digital and non-digital ecosystems.

2. Definitions

To facilitate understanding of this policy, key terms are defined as follows:

• “Personal Data”: Any data relating to an individual who is identified or can be identified directly or indirectly, alone or in combination with other information, whether through electronic or non-electronic systems.
• “Processing”: Any operation or set of operations on Personal Data, whether automated or manual, including but not limited to collection, recording, organization, storage, updating, modification, retrieval, use, disclosure, dissemination, deletion, or destruction.
• “Personal Data Controller”: A party that determines the purposes and means of processing Personal Data.
• “Personal Data Processor”: A party that processes Personal Data on behalf of or under the instructions of the Controller.
• “Consent”: A clear, freely given, specific, and informed statement or action from the data subject agreeing to the processing of their Personal Data.
• “Personal Data Breach”: Any unauthorized and/or unlawful incident that causes access, disclosure, alteration, loss, or destruction of Personal Data.

3. Types of Personal Data Collected

We may collect various types of Personal Data from Users, either directly through interactions with our Site and/or Services or indirectly through third parties. These include, but are not limited to:

• Personal identifiers: full name, email address, phone number, ID number (if explicitly requested);
• Demographic data: gender, date of birth, nationality, and residence;
• Account and authentication data: username, password, account activity logs;
• Financial and transactional data: payment history, payment methods, transaction details;
• Technical data: IP address, device type, operating system, browser type, cookie identifiers, and log data;
• Behavioral and preference data: interaction history with the Site/Services, browsing history, and user preferences;
• Location data (approximate or precise, if permitted by the User’s device/browser);
• Voluntarily submitted data, including but not limited to contact forms, surveys, reviews, and communications with customer service.

4. Purpose of Using Personal Data

Personal Data will be processed for legitimate purposes in compliance with applicable laws, to optimize services and support business growth, including:

• Verifying identity and securely managing User accounts;
• Processing transactions and delivering requested services (subscriptions, payments, notifications);
• Providing customer support, handling inquiries, complaints, and dispute resolution;
• Enhancing personalized User experience based on interests and behavior;
• Delivering relevant content, recommendations, or promotions based on usage analytics;
• Managing digital marketing activities, promotions, newsletters, surveys, and market research (with User consent);
• Conducting data analytics, modeling, A/B testing, market segmentation, and AI-powered processing;
• Internal reporting, service performance evaluation, operational and commercial effectiveness;
• Fulfilling legal, tax, audit, and regulatory obligations, and responding to lawful government or authority requests;
• Preventing and detecting fraud, abuse, policy violations, and legal breaches;
• Ensuring system security, integrity, and safety for Users and related parties.

5. Legal Basis for Data Processing

We process Personal Data on the following legal bases:

• Explicit consent freely given by Users for one or more specific purposes;
• Contractual necessity, where processing is required to fulfill obligations or pre-contractual steps;
• Legal obligations, based on statutes, regulations, or lawful authority requests;
• Legitimate interest, where processing is justified without violating fundamental rights (e.g., security, service improvement);
• Vital interest, in emergencies or threats to life/safety;
• Public interest or legal authority, for duties mandated by law.

6. Disclosure to Third Parties

We do not sell or rent Users’ Personal Data. Data may be disclosed to third parties under the following conditions:

• To third-party service providers supporting IT, payments, data management, customer service, marketing, etc., under confidentiality agreements;
• To business partners or affiliates for joint services, promotions, and product development (with adequate safeguards);
• In business transfers (mergers, acquisitions, restructurings), with notice if required by law;
• As required by law, court orders, or government authorities;
• To protect the legal rights, safety, or interests of Users or the public;
• In aggregated or anonymized form for research, analytics, or statistics;
• In any lawful situation with User consent.

7. User Rights

Users, as data subjects, have certain rights under applicable law, including:

• Right to information about data processing purposes and legal basis;
• Right to access and obtain a copy of Personal Data;
• Right to correct or update inaccurate/incomplete data;
• Right to withdraw consent for specific purposes;
• Right to request data deletion under certain legal conditions.

These rights are subject to legal, contractual, and security limitations. Requests may be denied if they conflict with laws or service operations. Requests can be made via the contact information below and will be reviewed in a fair, timely manner.

8. Withdrawal of Consent & Data Deletion

Users may withdraw their consent for specific data processing by contacting us. This may affect access to certain features/services if consent is essential to processing. We are not liable for consequences resulting from lawful withdrawal.

Users may also request deletion of their data if:

• The data is no longer necessary for original purposes;
• Consent is withdrawn and no other legal basis exists;
• The processing was unlawful;
• Deletion is required to meet legal obligations.

Requests will be processed proportionally, subject to verification and reasonable response time.

9. Use of Cookies & Tracking Technologies

We and our third-party partners use cookies and similar technologies (e.g., web beacons, pixel tags) to collect and store information when Users interact with the Site/Services. These are used to:

• Enable core Site functionality and performance;
• Save preferences for a personalized experience;
• Analyze usage for performance and quality improvements;
• Provide relevant content and advertising;
• Integrate with third-party platforms (e.g., social media, payment providers).

Essential cookies are required for operation; others require User consent (e.g., analytics, marketing). Users can manage cookies via browser settings. Disabling certain cookies may affect site functionality.

10. Data Security

We are committed to protecting User data using reasonable technical and organizational measures aligned with industry standards and laws, including encryption, firewalls, limited access, audits, and periodic testing. However, no system or internet transmission is 100% secure. We cannot guarantee absolute security. Users are responsible for keeping their authentication credentials confidential and should contact us immediately if a security breach is suspected.

11. Data Storage & Retention

We retain Personal Data only as long as necessary for the purposes stated in this Policy or as legally required. Retention is based on proportionality and data minimization principles. When no longer needed, we will delete or anonymize data per internal procedures.

Retention duration depends on:

• Type of data;
• Processing purpose;
• Contractual obligations;
• Legal/regulatory requirements.

We may retain data longer for audits, compliance, dispute resolution, or legal defense.

12. Prohibition on Use of Automated Tools

To protect system integrity and User data, it is strictly forbidden to use automated tools (e.g., bots, crawlers, plugins, scrapers) to interact with the Site/Services without our written consent.

Unauthorized use may result in:

• Temporary or permanent service suspension;
• Account or digital identity blocking;
• Technical detection and mitigation measures;
• Legal claims for damages.

Users must interact manually and lawfully with good faith.

13. Privacy Policy Updates

We reserve the right to change, revise, or update this Privacy Policy at any time without individual notice unless required by law. Changes may reflect technological, service, legal, policy, or operational updates. Updates will be effective as of the stated effective date and published on this page. By continuing to use our Site/Services after updates, Users agree to the revised policy. We encourage periodic review of this page.

14. Contact

For questions, access requests, corrections, deletions, or complaints regarding Personal Data or this Policy, please contact our Data Protection Team:

We will respond within a reasonable timeframe per legal requirements. Please include sufficient information to verify identity and clarify your request.