PT Siam Maspion Terminal respects the privacy rights of all individuals. To ensure that your personal data is protected, we have created this privacy notice to provide information regarding the collection, use, disclosure, deletion and destruction of your personal data in electronic and other formats based on Law Number 27 of 2022 concerning Personal Data Protection. and other applicable laws and regulations regarding the protection of personal data in Indonesia (“UU PDP”).
1. Definition
1.1. “We” means PT Siam Maspion Terminal.
1.2. “You” means individuals who visit our locations and individuals who participate in our events and activities.
1.3. “Processing” means collecting, analyzing, storing, correcting, updating, displaying, announcing, transferring, disseminating, using, disclosing, deleting and/or destroying personal data.
1.4. “Personal data” means any data relating to an identified or identifiable natural person that can be identified alone or combined with other information directly or indirectly via an electronic or non-electronic system.
2. Processing Objective
2.1. Contract Requirements: We process your personal data to carry out our contractual obligations, including employment contracts, preparation, compliance and personnel management. This includes compliance with our code of ethics, staff transfers, placement, training, performance appraisals, position considerations, compensation management, and ensuring the health and safety of our employees.
2.2. Legal Compliance: We process your personal data to comply with legal obligations such as labor protection laws, labor relations laws, social security laws, occupational health and safety laws, as well as regulations on occupational diseases and the control of infectious diseases.
2.3. Legitimate Interests: We process your personal data to pursue our legitimate interests. This includes human resource management, workforce analysis and allocation, employee development, health and insurance benefits, staff facilities, financial and budget management, internal communications, interaction with third parties, registration and certification processes, document publication, report preparation, delivery information to the government. or regulatory bodies, verification of employee information, creation of databases for employment history, communications, dissemination of news, improvement of the workplace, provision of facilities, information security, creation of user accounts, system access, security measures, prevention of accidents and crimes, investigation of complaints and fraud.
2.4. Vital Interests: We process your personal data to protect your vital interests or the interests of others. This includes emergency contacts and disease control and prevention.
2.5. Public interest: We process your personal data where necessary to carry out tasks in the public interest or to exercise official authority vested in us.
2.6. Permission: We process your personal data based on your consent for specific purposes, which will be communicated to you when obtaining consent. Further information about your consent and its implications can be found in the next section of this privacy notice.
3. Personal Data We Collect
3.1. Data Collection Sources: We collect personal data directly from you and indirectly from trusted sources such as public organizations, recruitment platforms, individuals who may lawfully disclose your personal data, and trusted service providers.
3.2. Types of Personal Data Collected: We collect the following types of personal data:
3.2.1 Recruitment Information: Resumes, CVs, job application letters, and comments from recruiters.
3.2.2 Contact Information: First name, last name, address, phone number, email and social media details.
3.2.3 Identification Information: Citizen identification number, passport number, driver’s license number, social security number, national insurance number, taxpayer identification number, and other government-issued identification numbers.
3.2.4 Immigration and Residency Information: Residence permits, stay permits, work permits, visas and similar documents.
3.2.5 Personal Information: Date of birth, age, gender, marital status, interests and opinions.
3.2.6 Family Information: Data about family members or dependents who are entitled to receive benefits, such as spouses, children, parents, and beneficiaries. Please inform these individuals of this privacy notice before providing their information.
3.2.7 Photos and Videos
3.2.8 Education and Competency Information: Education level, institution, training history, test results, driver’s license, employment rights, professional qualifications, language skills and reference information.
3.2.9 Work Experience: Positions held, employer details, previous salary, and compensation.
3.2.10 Employee Characteristics: Habits, behavior, attitudes, skills, leadership, teamwork abilities, emotional intelligence, and organizational commitment, obtained from observation and analysis.
3.2.11 Regulatory Reporting Information: Data required for reporting to regulatory bodies such as the Ministry of Manpower.
3.2.12 Financial Data: Bank account information, wages, salaries, income, tax details, deposits, loans, tax deductions or exemptions, and securities holdings.
3.2.13 Social Security and Benefits: Data on social security, labor protection, benefits, welfare and compensation in accordance with company regulations.
3.2.14 Attendance Records: Attendance time, work duration, overtime, absenteeism, and leave.
3.2.15 Employment History: Positions held, meeting attendance, opinions and additional information for directors.
3.2.16 IT Usage Data: Information about use of and access to company computers, information systems, websites, applications, networks and electronic devices in accordance with IT policies and laws.
3.2.17 Participation Data: Information from your participation in activities, surveys, and assessments.
3.2.18 Shared Information: Data you share through applications, tools, questionnaires, assessments, and various documents.
3.2.19 Identification Documents: Copies of KTP, passport, household registration, driver’s license, and other government-issued documents.
3.2.20 Emergency Contact Information
3.2.21 Vehicle and Driving Information: Data about your driving ability, your vehicle (for safety or parking permits), and driving behavior for company-provided vehicles.
3.2.22 Accident Information: Accident data, both work-related and non-work related.
3.2.23 Employment and Welfare Data: Information necessary to comply with employment contracts, welfare, benefits, analysis, administration, post-retirement care and applicable laws.
3.2.24 Whistleblowing and Disciplinary Data: Information regarding whistleblowing, complaints and disciplinary investigations.
3.3. Additional Data Collection: If we need to collect additional personal data, we will notify you and process the data in accordance with the PDP Law.
3.4. Certain Personal Data: We may need to collect and process certain personal data, including:
3.4.1 Personal financial data for salary and compensation payments.
3.4.2 General health data (e.g. food allergies, drug allergies, vaccinations) for event organization, accommodations and compliance with legal and regulatory requirements.
3.4.3 Criminal act data.
3.5. Disclosure of Third Party Data: If you disclose other people’s personal data to us, you must be able to do so lawfully and in compliance with PDP Laws, including informing data subjects of this privacy notice and other related documents and obtaining any necessary consent before or at the time of disclosure.
4. Cookies
4.1. We use cookies and similar technologies to collect personal data as specified in our Cookie Notice.
5. Consent, Withdrawal, and Consequences
5.1. Right to Withdraw Consent: If we rely on your consent to process personal data, you can withdraw your consent at any time. Withdrawal will not affect the validity of processing carried out prior to withdrawal.
5.2. Consequences of Withdrawal or Refusal: Withdrawing your consent or refusing to provide certain information may result in our inability to fulfill some or all of the purposes stated in this privacy notice.
5.3. How to Withdraw Consent: You can withdraw your consent by following the instructions provided in the channel where consent was obtained (for example, changing the settings in your user account).
6. Retention Period
6.1. Data Retention Duration: We will retain your personal data for the period necessary to fulfill the stated purposes. We may retain certain data for up to 5 years to defend against legal claims. If the retention period is unclear, we will retain the data for the usual period in accordance with retention standards.
6.2. Data Deletion and Destruction: We have established an audit system to delete or destroy your personal data when the retention period expires or when the data becomes irrelevant or unnecessary for the purposes for which it was collected.
6.3. Retention After Withdrawal of Consent: If your personal data is processed based on consent, we will stop processing it after you withdraw consent. However, we may retain your personal data to record your withdrawals and respond to future requests.
7. Disclosure of Your Personal Data
7.1. Recipient of Personal Data: We disclose and share your personal data with:
7.1.1 Individuals and other entities, such as:
7.1.1.1 Financial service providers (e.g., banks, payment companies, electronic payment service providers, credit providers)
7.1.1.2 IT service providers (e.g., cloud services, blockchain systems, data analytics, SMS, or email providers)
7.1.1.3 Auditors, consultants and advisors
7.1.1.4 Government agencies (e.g., Department of Revenue, Anti-Money Laundering Office)
7.1.1.5 Insurance company
7.1.1.6 Other relevant persons who enable us to conduct business, provide products and services, and fulfill the purposes for which we collect and process personal data as described in this privacy notice.
7.2. Separate Privacy Notice: The recipients of your personal data listed in clause 7.1 may have their own privacy notices. Please read their privacy notice to understand how they process your personal data.
7.3. Business Restructuring: If we restructure our business, sell or transfer assets, acquire a business, or merge with another business, we may disclose your personal data to our partners and advisors. We will do our best to protect your data and require our partners and advisors to comply with the PDP Act and this privacy notice.
7.4. Protective Actions: We will require recipients of your personal data to take appropriate measures to protect your personal data, process it correctly and only when necessary, and prevent unauthorized use or disclosure.
8. Security Measures
8.1. Technical and Organizational Measures: We have implemented technical and organizational measures to protect your personal data from loss, misuse, unauthorized access, disclosure or destruction. These measures include encryption and access restrictions to ensure only authorized personnel have access to your data and are trained in the importance of data protection.
8.2. Comprehensive Security Measures: We maintain comprehensive security measures, including administrative, technical, and physical safeguards (such as access control and user access management), to prevent unlawful loss, access, use, alteration, or disclosure of personal data. We review and update these measures as necessary or as technology changes to ensure effective security.
8.3. Protection of Certain Personal Data: If we process certain personal data, we will use our best efforts to implement appropriate security measures to protect that data.
9. Your Rights as a Data Subject
9.1. Summary of Your Rights under the PDP Law: You have the following rights:
9.1.1 Right to Information: To receive clear information about our identity, accountability, purposes of data processing and the basis for data processing.
9.1.2 Right to Withdraw Consent: To withdraw the consent you have provided to us at any time.
9.1.3 Access Rights: To request to view and copy your personal data or to disclose the sources from which we obtained your personal data.
9.1.4 Right to Data Portability: To request that we send or transfer personal data in electronic form to another data controller as required by the PDP Law.
9.1.5 Right to Object: To object to our collection, use or disclosure of your personal data.
9.1.6 Right to Erasure: To request that we delete, destroy or anonymize your personal data.
9.1.7 Restriction Rights: To request that we suspend use of your personal data.
9.1.8 Right to Object to Automated Decision Making: Object to decisions based solely on automated processing that have legal consequences or have a significant impact on you.
9.1.9 Right to Rectification: Request that we correct your personal information to ensure it is current, complete, and accurate.
9.1.10 Right to File a Complaint: To file a complaint with the Personal Data Protection Authority if we, our data processors, employees or contractors violate or do not comply with the PDP Law.
9.2. Processing of Rights Requests: We will consider your request, notify you of the outcome, and carry it out (if appropriate) within the time period specified by the PDP Law from the date we receive the request. Your rights will be processed in accordance with the PDP Law.
9.3. How to Exercise Your Rights: You can exercise your legal rights by sending your request by email to the data controller.
10. Information about the Data Controller and Data Protection Officer
10.1. Data Controller: The data controller of this privacy notice is PT Siam Maspion Terminal
10.2. Business Address: Maspion V Industrial Area, Jl. Beta Maspion, Manyar Sidomukti, Manyar, Gresik Regency, East Java 61151.
10.3. Contact Information: If you have any questions about this privacy notice, you can contact the data controller:
• Nanang Cahyono – ncahyono@smtjetty.com.
11. Miscellaneous
11.1. Amendments to Privacy Notice: If this privacy notice is changed, we will post the new privacy notice on our website or through other channels. The new privacy notice will take effect immediately on the date of the announcement.