PT Siam Maspion Terminal respects the privacy rights of all individuals. To ensure that your personal data is protected, we have created this privacy notice to provide information regarding the collection, use, disclosure, deletion and destruction of your personal data in electronic and other formats based on Law Number 27 of 2022 concerning Personal Data Protection. and other applicable laws and regulations regarding the protection of personal data in Indonesia (“UU PDP”).
1. Definition
1.1. “We” means PT Siam Maspion Terminal.
1.2. “You” means a representative of a company that is our customer or prospective customer, as well as our contact person, legal representative, director, employee, staff, advisor to a customer or prospective customer, or any other individual acting on behalf of a customer or prospective customer.
1.3. “Processing” means collecting, analyzing, storing, correcting, updating, displaying, announcing, transferring, disseminating, using, disclosing, deleting and/or destroying personal data.
1.4. “Personal data” means any data relating to an identified or identifiable natural person that can be identified alone or combined with other information directly or indirectly via an electronic or non-electronic system.
2. Processing Objective
2.1. Contract Requirements: We process your personal data because it is necessary to perform the contract between you and us. These include:
2.1.1 Providing you with service
2.1.2 Manage your account
2.1.3 Continuing accounting and financial issues.
2.2. Legitimate Interests: We process your personal data to pursue our legitimate interests or the interests of third parties. These include:
2.2.1 Business Operations: Manage, develop, and execute our business operations, including website and application administration and development, fraud prevention and detection, crime prevention, relationship management for current and prospective customers, and maintenance of information technology (IT) systems.
2.2.2 Security: Protect your security through measures such as personal data protection, access control, and identity authentication when you log in to your user account.
2.2.3 Marketing and Data Analysis: Conduct marketing research and data analysis, send news and features via email, SMS, apps, social media, telephone and direct mail, and conduct questionnaires and interviews with you.
2.2.4 Legal Claims: Establish, exercise, or defend legal claims for you or us.
2.3. Vital Importance: We process your personal data to protect your or others’ vital interests, such as making contact in emergencies and controlling and preventing disease.
2.4. Legal Compliance: We process your personal data to comply with our legal obligations.
2.5. Public interest: We process your personal data to carry out tasks carried out in the public interest or in the exercise of official authority vested in us.
2.6. Permission: With your consent, we process your personal data to:
1.6.1 Communications: Allow us and our partners to send you news and specials via email, SMS, apps, social media, phone and direct mail.
1.6.2 Additional Activities: We process your personal data based on your consent for specific purposes, which will be communicated to you when obtaining consent.
3. Personal Data We Collect
3.1. Sources of Data Collection: We collect personal data directly from you and indirectly from trusted sources such as public organizations, business partners, individuals who can legally disclose your personal data, and trusted service providers.
3.2. Online Interaction: When you visit the website or contact us online, we collect personal data such as Name, email address, mobile number.
3.3. Certain Personal Data: If we need to process certain personal data (for example, financial data or other sensitive data as determined by law), we will clearly inform you of the specific types of personal data we collect and the reasons for processing either in this privacy notice or through other appropriate channels. We will process such data in compliance with laws and regulations and implement appropriate safeguards to ensure its security and confidentiality.
3.4. Third Party Data Disclosure: If you disclose other people’s personal data to us, you must be able to do so lawfully and in compliance with PDP Laws, including informing data subjects of this privacy notice and other related documents and obtaining any necessary consent before or at the time of disclosure.
4. Cookies
4.1. We use cookies and similar technologies to collect personal data as specified in our Cookie Notice.
5. Consent, Withdrawal, and Consequences
5.1. Right to Withdraw Consent: If we rely on your consent to process personal data, you can withdraw your consent at any time. Withdrawal will not affect the validity of processing carried out prior to withdrawal.
5.2. Consequences of Withdrawal or Refusal: Withdrawing your consent or refusing to provide certain information may result in our inability to fulfill some or all of the purposes stated in this privacy notice.
5.3. How to Withdraw Consent: You can withdraw your consent by following the instructions provided in the channel where consent was obtained (for example, changing the settings in your user account).
6. Retention Period
6.1. Data Retention Duration: We will retain your personal data for the period necessary to fulfill the stated purposes. We may retain certain data for up to 5 years to defend against legal claims. If the retention period is unclear, we will retain the data for the usual period in accordance with retention standards.
6.2. Data Deletion and Destruction: We have established an audit system to delete or destroy your personal data when the retention period expires or when the data becomes irrelevant or unnecessary for the purposes for which it was collected.
6.3. Retention After Withdrawal of Consent: If your personal data is processed based on consent, we will stop processing it after you withdraw consent. However, we may retain your personal data to record your withdrawals and respond to future requests.
7. Disclosure of Your Personal Data
7.1. Recipient of Personal Data: We disclose and share your personal data with:
7.1.1 Individuals and other entities, such as:
a. Auditors, consultants and advisors
b. Government agencies (e.g., Department of Revenue, Anti-Money Laundering Office)
c. Other relevant persons who enable us to conduct business, provide products and services, and fulfill the purposes for which we collect and process personal data as described in this privacy notice.
7.2. Separate Privacy Notice: The recipients of your personal data listed in clause 7.1 may have their own privacy notices. Please read their privacy notice to understand how they process your personal data.
7.3. Business Restructuring: If we restructure our business, sell or transfer assets, acquire a business, or merge with another business, we may disclose your personal data to our partners and advisors. We will do our best to protect your data and require our partners and advisors to comply with the PDP Act and this privacy notice.
7.4. Protective Actions: We will require recipients of your personal data to take appropriate measures to protect your personal data, process it correctly and only when necessary, and prevent unauthorized use or disclosure.
8. Security Measures
8.1. Technical and Organizational Measures: We have implemented technical and organizational measures to protect your personal data from loss, misuse, unauthorized access, disclosure or destruction. These measures include encryption and access restrictions to ensure only authorized personnel have access to your data and are trained in the importance of data protection.
8.2. Comprehensive Security Measures: We maintain comprehensive security measures, including administrative, technical, and physical safeguards (such as access control and user access management), to prevent unlawful loss, access, use, alteration, or disclosure of personal data. We review and update these measures as necessary or as technology changes to ensure effective security.
8.3. Protection of Certain Personal Data: If we process certain personal data, we will use our best efforts to implement appropriate security measures to protect that data.
9. Your Rights as a Data Subject
9.1. Summary of Your Rights under the PDP Law: You have the following rights:
9.1.1 Right to Information: To receive clear information about our identity, accountability, purposes of data processing and the basis for data processing.
9.1.2 Right to Withdraw Consent: To withdraw the consent you have provided to us at any time.
9.1.3 Access Rights: To request to view and copy your personal data or to disclose the sources from which we obtained your personal data.
9.1.4 Right to Data Portability: To request that we send or transfer personal data in electronic form to another data controller as required by the PDP Law.
9.1.5 Right to Object: To object to our collection, use or disclosure of your personal data.
9.1.6 Right to Erasure: To request that we delete, destroy or anonymize your personal data.
9.1.7 Restriction Rights: To request that we suspend use of your personal data.
9.1.8 Right to Object to Automated Decision Making: Object to decisions based solely on automated processing that have legal consequences or have a significant impact on you.
9.1.9 Right to Rectification: Request that we correct your personal information to ensure it is current, complete, and accurate.
9.1.10 Right to File a Complaint: To file a complaint with the Personal Data Protection Authority if we, our data processors, employees or contractors violate or do not comply with the PDP Law.
9.2. Processing of Rights Requests: We will consider your request, notify you of the outcome, and carry it out (if appropriate) within the time period specified by the PDP Law from the date we receive the request. Your rights will be processed in accordance with the PDP Law.
9.3. How to Exercise Your Rights: You can exercise your legal rights by sending your request by email to the data controller.
10. Information about the Data Controller and Data Protection Officer
10.1. Data Controller: The data controller of this privacy notice is PT Siam Maspion Terminal
10.2. Business Address: Maspion V Industrial Area, Jl. Beta Maspion, Manyar Sidomukti, Manyar, Gresik Regency, East Java 61151.
10.3. Contact Information: If you have any questions about this privacy notice, you can contact the data controller:
• Nanang Cahyono – ncahyono@smtjetty.com.
11. Miscellaneous
11.1. Amendments to Privacy Notice: If this privacy notice is changed, we will post the new privacy notice on our website or through other channels. The new privacy notice will take effect immediately on the date of the announcement.