October 22, 2024

Privacy Notices for Vendors

PT Siam Maspion Terminal respects the privacy rights of all individuals. To ensure that your personal data is protected, we have created this privacy notice to provide information regarding the collection, use, disclosure, deletion and destruction of your personal data in electronic and other formats based on Law Number 27 of 2022 concerning Personal Data Protection and other applicable laws and regulations regarding the protection of personal data in Indonesia (“UU PDP”).

1. Definition

1.1. “We” means PT Siam Maspion Terminal.

1.2. “You” means the individual vendor, our company vendor directors, and vendor operators and staff.

1.3. “Processing” means collecting, analyzing, storing, correcting, updating, displaying, announcing, transferring, disseminating, using, disclosing, deleting and/or destroying personal data.

1.4. “Personal data” means any data relating to an identified or identifiable natural person that can be identified alone or combined with other information directly or indirectly via an electronic or non-electronic system.

2. Processing Objective

2.1. Contractual Requirements: We process your personal data to perform contracts between us and our vendors.

2.2. Legitimate Interests: We process your personal data to pursue our legitimate interests or the interests of third parties. Examples include:

2.2.1 Contract Performance: To perform contracts with our vendors, including procurement, inspection, payment for goods and services, relationship management, and job evaluation as specified in purchase orders, contracts, or other procurement-related documents.

2.2.2 Business Operations: To manage, develop and run our business operations, including website and application administration, research (e.g. interviews, questionnaires), fraud prevention and detection, crime prevention and maintenance of IT systems.

2.2.3 Security: To protect security through measures such as personal data protection, access control, and identity authentication when you log in to your user account.

2.2.4 Marketing Research and Data Analysis: To conduct marketing research and data analysis, including sending news and features via email, SMS, apps, social media, telephone and direct mail, as well as conducting questionnaires and interviews with you.

2.2.5 Legal Claims: To establish, exercise, or defend legal claims against you or us.

2.3. Vital Interests: We process your personal data to protect your or another person’s vital interests, such as making contact in emergencies and controlling and preventing disease.

2.4. Legal Compliance: We process your personal data to comply with our legal obligations.

2.5. Public Interest: We process your personal data to perform tasks carried out in the public interest or in the exercise of official authority vested in us.

Consent: We process your personal data based on your consent for specific purposes, which will be communicated to you when obtaining consent. Further information about your consent and its implications can be found in the next section of this privacy notice.

3. Personal Data We Collect

3.1. Data Collection Sources: We collect personal data directly from you and indirectly from trusted sources such as public organizations, business partners, individuals who may lawfully disclose your personal data, and trusted service providers.

3.2. Data from Vendors: When you contact us or when you (or a company vendor) supply us with products or services, we collect the following personal data:

3.2.1 Contact Information: Name, email address, telephone number.

3.2.2 Identity Verification Information: Name, mobile number, email.

3.2.3 Job-Related Information: Job details, information related to managing your safety, hygiene and work environment, occupation, job title, other data that you provide to us when contacting us or supplying products or services.

3.3. Data from Premises Visits: When you visit our premises, we collect, monitor and process your images and videos recorded by CCTV in designated areas. We will display signage to inform you of areas where CCTV operates.

3.4. Other Data: Photos and videos taken while you participate in our workshops or work with us.

3.5. Additional Data Collection: If we need to collect additional personal data, we will notify you and process the data in accordance with the PDP Law.

Disclosure of Third Party Data: If you disclose other people’s personal data to us, you must be able to do so lawfully and in compliance with PDP Laws, including informing data subjects of this privacy notice and other related documents and obtaining any necessary consent before or at the time of disclosure.

4. Cookies

4.1. We use cookies and similar technologies to collect personal data as specified in our Cookie Notice.

5. Consent, Withdrawal, and Consequences

5.1. Right to Withdraw Consent: If we rely on your consent to process personal data, you can withdraw your consent at any time. Withdrawal will not affect the validity of processing carried out prior to withdrawal.

5.2. Consequences of Withdrawal or Refusal: Withdrawing your consent or refusing to provide certain information may result in our inability to fulfill some or all of the purposes stated in this privacy notice.

5.3. How to Withdraw Consent: You can withdraw your consent by following the instructions provided in the channel where consent was obtained (for example, changing the settings in your user account).

6. Retention Period

6.1. Data Retention Duration: We will retain your personal data for the period necessary to fulfill the stated purposes. We may retain certain data for up to 5 years to defend against legal claims. If the retention period is unclear, we will retain the data for the usual period in accordance with retention standards.

6.2. Data Deletion and Destruction: We have established an audit system to delete or destroy your personal data when the retention period expires or when the data becomes irrelevant or unnecessary for the purposes for which it was collected.

6.3. Retention After Withdrawal of Consent: If your personal data is processed based on consent, we will stop processing it after you withdraw consent. However, we may retain your personal data to record your withdrawals and respond to future requests.

7. Disclosure of Your Personal Data

7.1. Recipient of Personal Data: We disclose and share your personal data with:

7.1.1 Individuals and other entities, such as:

7.1.1.1 Auditors, consultants and advisors

7.1.1.2 Government agencies (e.g., Department of Revenue, Anti-Money Laundering Office)

7.1.1.3 Other relevant persons who enable us to conduct business, provide products and services, and fulfill the purposes for which we collect and process personal data as described in this privacy notice.

7.2. Separate Privacy Notices: The recipients of your personal data listed in clause 7.1 may have their own privacy notices. Please read their privacy notice to understand how they process your personal data.

7.3. Business Restructuring: If we restructure our business, sell or transfer assets, acquire a business, or merge with another business, we may disclose your personal data to our partners and advisors. We will do our best to protect your data and require our partners and advisors to comply with the PDP Act and this privacy notice.

7.4. Protective Measures: We will require recipients of your personal data to take appropriate measures to protect your personal data, process it correctly and only when necessary, and prevent unauthorized use or disclosure.

8. Security Measures

8.1. Technical and Organizational Measures: We have implemented technical and organizational measures to protect your personal data from loss, misuse, unauthorized access, disclosure or destruction. These measures include encryption and access restrictions to ensure only authorized personnel have access to your data and are trained in the importance of data protection.

8.2. Comprehensive Security Measures: We maintain comprehensive security measures, including administrative, technical, and physical safeguards (such as access control and user access management), to prevent unlawful loss, access, use, alteration, or disclosure of personal data. We review and update these measures as necessary or as technology changes to ensure effective security.

8.3. Protection of Certain Personal Data: If we process certain personal data, we will use our best efforts to implement appropriate security measures to protect that data.

9. Your Rights as a Data Subject

9.1. Summary of Your Rights under the PDP Law: You have the following rights:

9.1.1 Right to Information: To receive clear information about our identity, accountability, purposes of data processing and the basis for data processing.

9.1.2 Right to Withdraw Consent: To withdraw the consent you have provided to us at any time.

9.1.3 Access Rights: To request to view and copy your personal data or to disclose the sources from which we obtained your personal data.

9.1.4 Right to Data Portability: To request that we send or transfer personal data in electronic form to another data controller as required by the PDP Law.

9.1.5 Right to Object: To object to our collection, use or disclosure of your personal data.

9.1.6 Right to Erasure: To request that we delete, destroy or anonymize your personal data.

9.1.7 Restriction Rights: To request that we suspend use of your personal data.

9.1.8 Right to Object to Automated Decision Making: To object to decisions based solely on automated processing that have legal consequences or have a significant impact on you.

9.1.9 Right to Rectification: To request that we correct your personal information to ensure it is current, complete, and accurate.

9.1.10 Right to File a Complaint: To file a complaint with the Personal Data Protection Authority if we, our data processors, employees or contractors violate or do not comply with the PDP Law.

9.2. Processing of Rights Requests: We will consider your request, notify you of the outcome, and carry it out (if appropriate) within the time period specified by the PDP Law from the date we receive the request. Your rights will be processed in accordance with the PDP Law.

9.3. How to Exercise Your Rights: You can exercise your legal rights by sending your request by email to the data controller.

10. Information about the Data Controller and Data Protection Officer

10.1. Data Controller: The data controller of this privacy notice is PT Siam Maspion Terminal.

10.2. Business Address: Maspion V Industrial Area, Jl. Beta Maspion, Manyar Sidomukti, Manyar, Gresik Regency, East Java 61151.

10.3. Contact Information: If you have any questions about this privacy notice, you can contact the data controller:

• Nanang Cahyono – ncahyono@smtjetty.com.

11. Miscellaneous

11.1. Amendments to Privacy Notice: If this privacy notice is changed, we will post the new privacy notice on our website or through other channels. The new privacy notice will take effect immediately on the date of the announcement.