October 22, 2024

Privacy Notices for Shareholders, Directors, Commissioners and Committee Members

PT Siam Maspion Terminal respects the privacy rights of all individuals. To ensure that your personal data is protected, we have created this privacy notice to provide information regarding the collection, use, disclosure, deletion and destruction of your personal data in electronic and other formats based on Law Number 27 of 2022 concerning Personal Data Protection. and other applicable laws and regulations regarding the protection of personal data in Indonesia (“UU PDP”).

1. Definition

1.1. “We” means PT Siam Maspion Terminal.

1.2. “You” means shareholders, directors, commissioners, committee members and related persons, including but not limited to lawyers, nominees, agents, partners, spouses, parents, siblings, children, partners of children , and connected persons as defined in applicable law.

1.3. “Processing” means collecting, analyzing, storing, correcting, updating, displaying, announcing, transferring, disseminating, using, disclosing, deleting and/or destroying personal data.

1.4. “Personal data” means any data relating to an identified or identifiable natural person that can be identified alone or combined with other information directly or indirectly via an electronic or non-electronic system.

2. Processing Objective

2.1. Legal Compliance: We process your personal data to comply with legal obligations regarding corporate affairs, and other applicable laws. This includes incorporation, capital changes, business restructuring, and registration renewal. Specifically, we process your personal data to:

2.1.1 Organize and conduct shareholder meetings.

2.1.2 Select and nominate directors, commissioners and committee members in accordance with Financial Services Institution (OJK) regulations.

2.1.3 Organize and organize board meetings.

2.1.4 Manage the rights and obligations of shareholders and debt securities holders.

2.1.5 Pay dividends and interest on bonds.

2.1.6 Generate, submit, and publish accounting and legal reports.

2.1.7 Comply with the laws governing limited liability companies.

2.1.8 Comply with rules, regulations and orders of competent authorities.

2.2. Contract Requirements: We process your personal data to fulfill the contract between us and you. These include:

2.2.1 Paying remuneration and assessing performance.

2.2.2 Enables your participation in activities.

2.3. Legitimate Interests: We process your personal data for our or third parties’ legitimate interests, including:

2.3.1 Manage our company and accommodate you.

2.3.2 Producing, recording and disclosing reports of meetings you attend.

2.3.3 Record video or audio in meetings.

2.3.4 Ensuring security and organizing events.

2.3.5 Establish legal demands.

2.3.6 Implement measures to control, prevent, quarantine, and combat disease.

2.3.7 Verify and authenticate your identity.

2.3.8 Restructuring, selling and transferring our business and assets.

2.4. Vital Interests: We process your personal data to protect your vital interests. This includes making contact in case of emergency and controlling and preventing disease.

2.5. Public interest: We process your personal data to carry out tasks carried out in the public interest, public service, or the exercise of official authority granted to us.

2.6. Permission: We process your personal data based on your consent for specific purposes, which will be communicated to you when obtaining consent. Further information about your consent and its implications can be found in the next section of this privacy notice.

3. Personal Data We Collect

3.1. Sources of Data Collection: We collect personal data directly from you.

3.2. Data from Shareholders: We collect your personal data when you become our shareholder. This data is collected directly from you. The personal data we collect includes:

  1. Name, surname
  2. Address
  3. Phone number
  4. Email address
  5. Contact details
  6. Nationality
  7. Work
  8. Date of birth
  9. Tax Number
  10. Identification number
  11. Passport number
  12. Blood type
  13. Taking pictures
  14. Video
  15. Bank account
  16. Number of shares
  17. Signature
  18. Gender
  19. Religious beliefs
  20. Marital status
  21. Place of birth

3.3. Data from Directors, Commissioners, Committee Members: If you are nominated or appointed as a director, commissioner or member of our committee, we will collect your personal data directly. The personal data we collect includes:

(1) Nomination and Election Process:

      • An identity card or government-issued document to verify your identity
      • First name, last name
      • Gender
      • Taking pictures
      • Age
      • Educational background
      • Professional experience
      • Director and managerial positions in other organizations

(2) Appointment and Position of Director/Commissioner/Committee Membership:

      • Citizen’s KTP and official identity documents
      • Immigration and residence documents, including residency permits, stay permits, work permits, visas and similar documents
      • No
      • Gender
      • Citizen number
      • Passport number
      • Date of birth
      • Age
      • Nationality
      • religion
      • Place of birth
      • Height
      • Training notes
      • Attendance at our activities
      • Marital status
      • Information about people with whom you have a legal relationship
      • Preference
      • Blood type
      • Address
      • Phone number
      • Email address
      • Contact details
      • Bank account number
      • Vehicle registration number
      • Educational background
      • Work
      • Professional history
      • Director or position in another organization
      • Attendance at board of directors, subcommittee, or shareholder meetings
      • Directors’ salaries
      • Securities depository information
      • Name of securities company
      • Director’s performance
      • Other information as required by law or good corporate governance principles

3.4. Data from Shareholder Meetings: When you register or attend our shareholder meetings, we process your data including:

    1. No
    2. Address
    3. Phone number
    4. Email address
    5. Number of shares currently owned
    6. Citizen or passport number
    7. The questions you ask
    8. Images, video, and audio are recorded during the meeting

3.5. Additional Data Collection: If you participate in our activities and we need to collect additional personal data, we will notify you and process the data in accordance with the PDP Law.

3.6. Certain Personal Data: If we need to process certain personal data (for example, personal financial data, health data, biometric data or other sensitive data as determined by law), we will clearly inform you of the specific types of personal data we collect and the reasons for processing either in this privacy notice or through other appropriate channels. We will process such data in compliance with laws and regulations and implement appropriate safeguards to ensure its security and confidentiality.

3.7. Disclosure of Third Party Data: If you disclose other people’s personal data to us, you must do so lawfully and in compliance with the PDP Act. This includes informing data subjects of this privacy notice and other relevant documents before or at the time of disclosure.

 

4. Cookies

4.1. We use cookies and similar technologies to collect personal data as specified in our Cookie Notice.

5. Consent, Withdrawal, and Consequences

5.1. Right to Withdraw Consent: If we rely on your consent to process personal data, you can withdraw your consent at any time. Withdrawal will not affect the validity of processing carried out prior to withdrawal.

5.2. Consequences of Withdrawal or Refusal: Withdrawing your consent or refusing to provide certain information may result in our inability to fulfill some or all of the purposes stated in this privacy notice.

5.3. How to Withdraw Consent: You can withdraw your consent by following the instructions provided in the channel where consent was obtained (for example, changing the settings in your user account).

6. Retention Period

6.1. Data Retention Duration: We will retain your personal data for the period necessary to fulfill the stated purposes. We may retain certain data for up to 5 years to defend against legal claims. If the retention period is unclear, we will retain the data for the usual period in accordance with retention standards.

6.2. Data Deletion and Destruction: We have established an audit system to delete or destroy your personal data when the retention period expires or when the data becomes irrelevant or unnecessary for the purposes for which it was collected.

6.3. Retention After Withdrawal of Consent: If your personal data is processed based on consent, we will stop processing it after you withdraw consent. However, we may retain your personal data to record your withdrawals and respond to future requests.

7. Disclosure of Your Personal Data

7.1. Recipient of Personal Data: We disclose and share your personal data with:

7.1.1 Individuals and other entities, such as:

      • Auditors, consultants and advisors
      • Government agencies (e.g., Department of Revenue, Anti-Money Laundering Office)
      • Insurance company
      • Other relevant persons who enable us to conduct business, provide products and services, and fulfill the purposes for which we collect and process personal data as described in this privacy notice.

7.2. Separate Privacy Notice: The recipients of your personal data listed in clause 7.1 may have their own privacy notices. Please read their privacy notice to understand how they process your personal data.

7.3. Business Restructuring: If we restructure our business, sell or transfer assets, acquire a business, or merge with another business, we may disclose your personal data to our partners and advisors. We will do our best to protect your data and require our partners and advisors to comply with the PDP Act and this privacy notice.

7.4. Protective Actions: We will require recipients of your personal data to take appropriate measures to protect your personal data, process it correctly and only when necessary, and prevent unauthorized use or disclosure.

 

8. Security Measures

8.1. Technical and Organizational Measures: We have implemented technical and organizational measures to protect your personal data from loss, misuse, unauthorized access, disclosure or destruction. These measures include encryption and access restrictions to ensure only authorized personnel have access to your data and are trained in the importance of data protection.

8.2. Comprehensive Security Measures: We maintain comprehensive security measures, including administrative, technical, and physical safeguards (such as access control and user access management), to prevent unlawful loss, access, use, alteration, or disclosure of personal data. We review and update these measures as necessary or as technology changes to ensure effective security.

8.3. Protection of Certain Personal Data: If we process certain personal data, we will use our best efforts to implement appropriate security measures to protect that data.

9. Your Rights as a Data Subject

9.1. Summary of Your Rights under the PDP Law: You have the following rights:

9.1.1 Right to Information: To receive clear information about our identity, accountability, purposes of data processing and the basis for data processing.

9.1.2 Right to Withdraw Consent: To withdraw the consent you have provided to us at any time.

9.1.3 Access Rights: To request to view and copy your personal data or to disclose the sources from which we obtained your personal data.

9.1.4 Right to Data Portability: To request that we send or transfer personal data in electronic form to another data controller as required by the PDP Law.

9.1.5 Right to Object: To object to our collection, use or disclosure of your personal data.

9.1.6 Right to Erasure: To request that we delete, destroy or anonymize your personal data.

9.1.7 Restriction Rights: To request that we suspend use of your personal data.

9.1.8 Right to Object to Automated Decision Making: Object to decisions based solely on automated processing that have legal consequences or have a significant impact on you.

9.1.9 Right to Rectification: Request that we correct your personal information to ensure it is current, complete, and accurate.

9.1.10 Right to File a Complaint: To file a complaint with the Personal Data Protection Authority if we, our data processors, employees or contractors violate or do not comply with the PDP Law.

9.2. Processing of Rights Requests: We will consider your request, notify you of the outcome, and carry it out (if appropriate) within the time period specified by the PDP Law from the date we receive the request. Your rights will be processed in accordance with the PDP Law.

9.3. How to Exercise Your Rights: You can exercise your legal rights by sending your request by email to the data controller.

10. Information about the Data Controller and Data Protection Officer

10.1. Data Controller: The data controller of this privacy notice is PT Siam Maspion Terminal

10.2. Business Address: Maspion V Industrial Area, Jl. Beta Maspion, Manyar Sidomukti, Manyar, Gresik Regency, East Java 61151.

10.3. Contact Information: If you have any questions about this privacy notice, you can contact the data controller:

• Nanang Cahyono – ncahyono@smtjetty.com.

11. Miscellaneous

11.1. Amendments to Privacy Notice: If this privacy notice is changed, we will post the new privacy notice on our website or through other channels. The new privacy notice will take effect immediately on the date of the announcement.